Solved: Suddenly can't connect to net (XP)


Theolini (Thread Starter), 20-Apr-2012, 01:34 PM #1
My XP box suddenly wouldn't connect to the network when I booted it today. It worked fine yesterday.

It's connected to the wireless router with a cable that plugs straight into the motherboard,
but it's stuck on "Acquiring IP address". The IP address appears to be 0.0.0.0, and the address type is stated as not valid.

The cable and the router are fine - I've tested with other computers. This is an issue with the pc itself.

I suspected that the hardware might be faulty, so I got a new network adapter and installed it. It also can't connect, and it says "TCP/IP is not activated for this connection" (or words to that effect - I'm using a non-English version of XP).
It should be noted that on the Networks screen, it is shown as being connected, but in the system tray it has a red X on it. It has sent 6 packages and received none.

The problem is still there in safe mode.

Any ideas what this might be and how to fix it?

etaf (Wayne), Moderator, 20-Apr-2012, 02:52 PM #2
can we see an ipconfig /all
also the services running
------------------------------------------------------------------------
ipconfig /all
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose Edit - Select all
all the text will be highlighted
Next
From the notepad menu - choose Edit - Copy
Now go back to the forum - reply and then right click in the reply box and paste
------------------------------------------------------------------------


------------------------------------------------------------------------
Services

We would like to see some status information for each of the services listed below. To do this, go to

Start> {Run in XP} {Search box in Vista/W7}> CMD to open a DOS window and type:
SERVICES.MSC
OR
Control Panel>
Administrative Tools>
Services>

then for each of the services listed below - Please post back the following status information -
If the service is Started/Stopped
and
If the service is Automatic/Manual
  • COM+ Event System (for WZC issues)
  • Computer Browser
  • DHCP Client
  • DNS Client
  • Network Connections
  • Network Location Awareness
  • Remote Procedure Call (RPC)
  • Server
  • TCP/IP Netbios helper
  • Wireless Zero Configuration (XP wireless configurations only)
  • WLAN AutoConfig (Windows 7 & Vista wireless configurations only)
  • Workstation


If a service is not running,
right click on the service
then click on properties and now check the dependencies.

Check each of the dependencies and see which one is preventing the service from running.

Also to help us identify what may be causing the issue
Check the event log, there may be clues to what is failing. To do that
Start >
control panel >
administrative tools >
event Viewer>

------------------------------------------------------------------------
__________________
Wayne
Please let us know what the final solution was to any problem posted

Theolini (Thread Starter), 20-Apr-2012, 04:32 PM #3
Some details
Thank you very much for your reply.

Here's the info I've been able to gather. It's not an English-language machine, but I imagine it's clear enough. If not, let me know, and I'll venture a translation.

Microsoft Windows XP [Versjon 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corporation

C:\Documents and Settings\JE>ipconfig /all

Windows IP-konfigurasjon

Vertsnavn . . . . . . . . . . . : ADMIN-1D1CF0B5F
Primær DNS-suffiks . . . . . . . :
Nodetype . . . . . . . . . . . . : Unknown
IP-ruting aktivert . . . . . . . : No
WINS Proxy aktivert. . . . . . . : No

Ethernet-kort Lokal tilkobling 4:

Medietilstand. . . . . . . . . . : Disconnected
Beskrivelse . . . . . . . . . . : TAP-Win32 Adapter V9
Fysisk adresse . . . . . . . . . : 00-FF-CB-4E-8C-F1

Ethernet-kort Lokal tilkobling:

Tilkoblingsspesifikt DNS-suffiks :
Beskrivelse . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC (Note: This is the old connection that suddenly quit working)
Fysisk adresse . . . . . . . . . : 00-18-F3-09-20-3E
DHCP aktivert. . . . . . . . . . : Yes
Automatisk konfigurasjon aktivert: Yes
IP-adresse . . . . . . . . . . . : 0.0.0.0
Nettverksmaske . . . . . . . . . : 0.0.0.0
IP-adresse . . . . . . . . . . . : fe80::218:f3ff:fe09:203e%8
Standard gateway . . . . . . . . :
DHCP-server. . . . . . . . . . . : 192.168.0.1
DNS-servere. . . . . . . . . . . : 192.168.0.1
fec0:0:0:ffff::1%2
fec0:0:0:ffff::2%2
fec0:0:0:ffff::3%2
NetBIOS over TCP/IP. . . . . . . : Deactivated

Tunnelkort Teredo Tunneling Pseudo-Interface:

Tilkoblingsspesifikt DNS-suffiks :
Beskrivelse . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fysisk adresse . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP aktivert. . . . . . . . . . : No
IP-adresse . . . . . . . . . . . : fe80::ffff:ffff:fffd%7
Standard gateway . . . . . . . . :
NetBIOS over TCP/IP. . . . . . . : Deactivated

Ethernet-kort Lokal tilkobling 5: (Note: This is the new network adapter I installed)

Tilkoblingsspesifikt DNS-suffiks :
Description . . . . . . . . . . :
Fysisk adresse . . . . . . . . . : 00-0A-CD-1F-9C-DD
DHCP activated. . . . . . . . . . : No
IP-adresse . . . . . . . . . . . : fe80::20a:cdff:fe1f:9cdd%4
Standard gateway . . . . . . . . :
NetBIOS over TCP/IP. . . . . . . : Deactivated

Services

COM+ Event System (for WZC issues) - Started, manual

Computer Browser - Not marked as started, Automatic . Dependent on Server and Workstation. When I try to start this, it stops immediately.

DHCP Client - Not marked as started, Automatic. This is dependent on AFD and Driver for TCP/IP protocol. When I try to start this, I get the message: Cannot start the service DHCP. Error 1075: The service that this service depends on does not exist or has been marked for deletion

DNS Client - Started, automatic

Network Connections - Started, manual

Network Location Awareness - Started, manual

Remote Procedure Call (RPC) - Started, automatic

Server - Started, automatic

TCP/IP Netbios helper - Not marked as started, Automatic. Dependent on AFD. When I try to start, I get the same message as for DHCP client above. How do I check AFD? And what is it?

Wireless Zero Configuration (XP wireless configurations only) - Started, automatic

WLAN AutoConfig (Windows 7 & Vista wireless configurations only) - N/A

Workstation - Started, automatic


Events

In the Event viewer, the first thing that's logged after I boot the computer is an error with source PerfNet, Event-ID 2004. Description: Cannot open server service.

Apart from that, there are no obvious clues on the Event list.

etaf (Wayne), Moderator, 20-Apr-2012, 04:36 PM #4
lets try a tcp/ip reset see below - unlikely
as this is the problem

Quote:
DHCP Client - Not marked as started, Automatic. This is dependent on AFD and Driver for TCP/IP protocol. When I try to start this, I get the message: Cannot start the service DHCP. Error 1075: The service that this service depends on does not exist or has been marked for deletion
this is the problem

see if you can start see below

it may be a virus

------------------------------------------------------------------------

http://www.blackviper.com/windows-services/dhcp-client/

To verify that the dependency components are running. Follow the steps below:
• Click Start, Run and type DEVMGMT.MSC
• In the View menu, click Show hidden devices
• Double-click Non-Plug and Play drivers section
• Double-click the entry AFD, "Ancillary Function Driver for winsock" and click the Driver tab
What's the startup type set to?
• Start the service. Note down the error message if any.


Similarly start the other drivers namely:
NetIO legacy TDI support driver
TCP/IP Protocol Driver
Network store interface service - http://www.blackviper.com/windows-se...rface-service/
NSI proxy service

Post back if all are started and any error messages

• Now check if you can start the DHCP client service.

Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.
Note: Type only the text in bold for the following commands.
net start dhcp client
Please note and post back - if you receive the message
Access is Denied

Post back the results here - we need to know these commands worked correctly
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste


--------------------------------


------------------------------------------------------------------------

TCP/IP stack repair options for use with Windows XP with SP2/SP3

Start, Run, CMD to open a command prompt:

In the command prompt window that opens, type the following commands:

Note: Type only the text in bold for the following commands.

Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log
and press enter

Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog
and press enter

Reboot the machine.

Please note and post back - if you receive the message
Access is Denied

Post back the results here
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and
control key + V to paste
------------------------------------------------------------------------

Theolini (Thread Starter), 20-Apr-2012, 05:03 PM #5
Thanks a lot for helping me with this! It's starting to look like a virus, I guess.

AFD: Started
Startup type: System

NetIO Legacy TDI support driver: Can't find it on the list

TCP/IP Protocol Driver: Can't find it on the list

Network store interface service: Can't find it on the list

NSI Proxy Service: Can't find it on the list


On command prompt, having run it as the only user listed (which is not Admin, but I can't find it):

C:\WINDOWS>net start dhcp client
System error 5 has occurred

Access denied

C:\WINDOWS>


Resetting to installation defaults seems to have worked with no error.


After rebooting, the problem persists.

etaf (Wayne), Moderator, 21-Apr-2012, 04:34 AM #6
would you post the following logs
http://forums.techguy.org/virus-othe...e-posting.html
i will move to the virus forum, lets see if you have a virus

it may take 48 hrs to get a reply

Theolini (Thread Starter), 21-Apr-2012, 06:21 AM #7
I ran Hijack this and got the log, but DDS freezes the computer after a couple of minutes, so no log there. GMER does not, as far as I can tell, warn of any rootkit activity, so I didn't run the full scan.

More info that could be important: Avast antivirus gave me a warning about a suspicious file called Dplaysvr.exe, which it found in the Documents and Settings folder. I think it's a little strange to encounter that file outside of the System32 folder. Apparently, Avast allowed it to run in the sandbox. I deleted the exe-file, but it seems to be accompanied by a dll-file that I'm not allowed to delete.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:19, on 4/21/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\vVX1000.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\OnlyWire\OnlyWireWindows.exe
C:\Programfiler\CASIO\Photo Loader\Plauto.exe
C:\Programfiler\Java\jre6\bin\javaw.exe
C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe
C:\Programfiler\MagicDisc\MagicDisc.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\Programfiler\Exstora\Exstora.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\java.exe
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programfiler\Application Updater\ApplicationUpdater.exe
C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
M:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login...www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programfiler\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [YSearchProtection] "C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programfiler\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe "
O4 - HKLM\..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programfiler\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SearchSettings] "C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Search Protection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe
O4 - HKCU\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
O4 - HKCU\..\Run: [cebcdbbddaedadcdct] "C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Snarvei til Exstora.lnk = C:\Programfiler\Exstora\Exstora.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: OnlyWire.LNK = ?
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1137417613093
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsit...SUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programfiler\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14421 bytes
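
Added example (not part of any post in this thread): a small Python triage pass over the HijackThis entry types that stand out in the log above, namely `O1` hosts-file redirects and `O4` autorun entries that start from a user profile or reuse a Windows binary name outside its normal folder. The sample lines are copied from that log; the rule names, the helper functions and the assumed `C:\WINDOWS` system root (the `%SystemRoot%` value reported in the OTL log later in the thread) are this example's own.

```python
import ipaddress
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule subject detail")

# Lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe
O4 - HKCU\..\Run: [cebcdbbddaedadcdct] "C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe"
"""

# Assumption: the system root is C:\WINDOWS. The names are Windows binaries
# mentioned in this thread; each maps to the folder it normally lives in.
SYSTEM_BINARIES = {
    "dplaysvr.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
USER_PROFILE_ROOT = "\\documents and settings\\"  # XP profile root

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\S+?): \[(.*?)\] (.+)$")
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)', re.I
)


def extract_executable(command):
    """Return the program path from a Run value, dropping its arguments."""
    command = command.strip()
    m = EXE_RE.match(command)
    if not m:
        parts = command.split()
        return parts[0] if parts else ""
    return (m.group(1) or m.group(2)).strip()


def check_hosts(ip_text, host):
    """Flag hosts-file entries that point a name at a non-local address."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("hosts-malformed", host, ip_text)
    if ip.is_loopback or ip.is_unspecified:
        return None  # localhost mapping or a 0.0.0.0 block-list entry
    return Finding("hosts-redirect", host, f"pinned to {ip}")


def check_run(key, name, command):
    """Flag autoruns by location; the entry name itself is not judged."""
    path = extract_executable(command)
    folder = ntpath.dirname(path).lower()
    exe = ntpath.basename(path).lower()
    detail = f"{key} [{name}] -> {path}"
    expected = SYSTEM_BINARIES.get(exe)
    # A bare file name (no folder) is resolved via PATH, so it is skipped here.
    if expected and folder and folder != expected:
        return Finding("system-name-outside-system-dir", exe, detail)
    if USER_PROFILE_ROOT in path.lower():
        return Finding("autorun-from-user-profile", exe, detail)
    return None


def triage(log_text):
    """Run both checks over every line of a HijackThis log, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            result = check_hosts(*m.groups())
        else:
            m = RUN_RE.match(line)
            result = check_run(*m.groups()) if m else None
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.subject:26} {f.detail}")
```

The user-profile rule is a prompt for review rather than a verdict: the same log shows Dropbox legitimately starting from under `C:\Documents and Settings\JE\Programdata`.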

etaf (Wayne), Moderator, 21-Apr-2012, 06:25 AM #8
moved to the virus forum

kevinf80 (Kevin), Malware Removal Specialist, 21-Apr-2012, 06:41 AM #9
Download the following tool to a different PC, Save to a USB flash drive (memory stick) or CD and transfer to the Desktop of the infected PC....

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

Theolini (Thread Starter), 21-Apr-2012, 08:08 AM #10
Infected with Rootkit.ZeroAccess. It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

The first time I ran Combofix, it caught the infection, but then seemed to freeze the computer. It also noted that the computer does not have Microsoft Windows recovery console, and without net access it can't download it.

Combofix tells me about the infection via a popup called Combofix. Then, as it continues to run, I get another popup that's called Rootkit. It says "Rootkit is detected. Be patient as this may take some moments." There's an OK button which I did not press. After 3 minutes of running Combofix, the computer is frozen.

I rebooted, and there was still no net access. I ran Combofix again, same result - popups, then the computer freezes.

kevinf80 (Kevin), Malware Removal Specialist, 21-Apr-2012, 09:39 AM #11
Re-boot to safe mode and try CF again....

Theolini (Thread Starter), 21-Apr-2012, 10:01 AM #12
The same happens in safe mode. I have also tried Symantec ZeroAccess Remover and another program specific for this virus - they don't find the infection at all.

kevinf80 (Kevin), Malware Removal Specialist, 21-Apr-2012, 10:06 AM #13
Transfer the following to the desktop of the sick PC as you did with Combofix

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Kevin
Theolini
Member with 25 posts.
THREAD STARTER
Join Date: Apr 2012
21-Apr-2012, 10:24 AM #14
Here are the two files, OTL.txt first, then Extras.txt:


OTL logfile created on: 4/21/2012 17:14:25 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\JE\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2,94 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 79,78% Memory free
4,78 Gb Paging File | 4,38 Gb Available in Paging File | 91,59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 74,53 Gb Total Space | 30,59 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
Drive E: | 367,71 Gb Total Space | 324,62 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 213,05 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive L: | 931,28 Gb Total Space | 434,11 Gb Free Space | 46,61% Space Free | Partition Type: FAT32
Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,93% Space Free | Partition Type: FAT32

Computer Name: ADMIN-1D1CF0B5F | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 17:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
PRC - [2012/04/12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Programfiler\Application Updater\ApplicationUpdater.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programfiler\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
PRC - [2011/01/17 20:44:52 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:44:52 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin
PRC - [2010/01/22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/06/19 18:12:51 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Programfiler\MagicDisc\MagicDisc.exe
PRC - [2009/02/03 15:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE
PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2007/01/26 12:36:44 | 000,495,616 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006/12/20 11:34:02 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
PRC - [2006/12/11 07:16:10 | 000,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2004/12/14 03:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/18 16:13:53 | 001,767,424 | ---- | M] () -- C:\Programfiler\Alwil Software\Avast5\defs\12041801\algo.dll
MOD - [2011/12/03 17:12:56 | 000,103,424 | ---- | M] () -- C:\Programfiler\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/10 23:48:41 | 000,985,088 | ---- | M] () -- C:\Programfiler\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/06/08 04:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
MOD - [2010/03/21 20:19:50 | 000,094,208 | ---- | M] () -- C:\Programfiler\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/13 20:50:04 | 000,325,120 | ---- | M] () -- C:\Programfiler\TeraCopy\TeraCopy.dll
MOD - [2009/04/27 11:55:12 | 000,678,400 | ---- | M] () -- C:\Programfiler\IZArc\IZArcCM.dll
MOD - [2007/01/26 12:36:44 | 000,495,616 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2006/11/15 11:57:54 | 004,534,272 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2006/11/15 09:58:54 | 000,021,504 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/08/11 21:43:10 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2006/03/09 16:45:36 | 000,081,920 | R--- | M] () -- C:\Programfiler\Fellesfiler\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programfiler\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ggty\pev.3XE -- (PEVSystemStart)
SRV - [2010/05/10 12:20:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programfiler\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 20:12:52 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JE\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tdtvrhxv.sys -- (bnroyqr)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.netbt)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/09/06 12:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/10 11:16:02 | 000,803,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/16 05:04:24 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/04/10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/08 11:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
DRV - [2007/02/08 11:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007/02/08 11:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
DRV - [2007/02/08 11:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
DRV - [2007/02/08 11:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007/02/08 11:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007/02/08 11:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
DRV - [2006/10/30 02:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/08/14 21:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 10:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/12/19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login...www.yahoo.com/
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_no
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://no.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programfiler\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programfiler\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programfiler\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programfiler\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programfiler\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programfiler\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programfiler\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programfiler\Tracker Software\npPDFXCviewNPPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Programfiler\WaterProof\PHPEdit\3.4.6\Tools\FirefoxExtension\unpacked [2009/12/03 16:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programfiler\Spyware Doctor\BDT\FireFox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programfiler\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/15 15:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programfiler\Alwil Software\Avast5\WebRep\FF [2012/04/12 22:11:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/03/17 20:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/03/24 14:08:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Programfiler\WaterProof\PHPEdit\3.4.6\Tools\FirefoxExtension\unpacked [2009/12/03 16:17:23 | 000,000,000 | ---D | M]

[2009/12/15 19:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Extensions
[2009/11/16 15:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2009/06/19 22:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\extensions
[2009/06/19 22:18:37 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/04/13 09:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions
[2010/04/28 09:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/14 09:29:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/10 16:21:38 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/03/31 10:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/22 12:13:29 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2012/03/13 21:56:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\foxmarks@kei.com
[2011/12/21 15:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2012/03/17 20:09:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/28 21:17:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programfiler\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/10/01 11:16:00 | 000,001,525 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/01 11:16:00 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
[2011/10/01 11:16:00 | 000,001,218 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bok-NO.xml
[2011/10/01 11:16:00 | 000,000,968 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\qxl-NO.xml
[2011/10/01 11:16:00 | 000,001,203 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2011/10/01 11:16:00 | 000,001,176 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\wikipedia-NO.xml
[2011/10/01 11:16:00 | 000,001,192 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\yahoo-NO.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programfiler\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programfiler\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programfiler\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Programfiler\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programfiler\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/04/18 16:05:24 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programfiler\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Programfiler\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Programfiler\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe File not found
O4 - HKLM..\Run: [Google Quick Search Box] C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Programfiler\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [cebcdbbddaedadcdct] C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe ()
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe File not found
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [Search Protection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [uTorrent] C:\Programfiler\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe File not found
O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\OnlyWire.LNK = C:\Programfiler\OnlyWire\OnlyWireWindows.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\Dropbox.lnk = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\Snarvei til Exstora.lnk = C:\Programfiler\Exstora\Exstora.exe (Exstora.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programfiler\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1137417613093 (WUWebControl Class)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/ca...ail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsit...SUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{605CB29E-C9ED-48A6-851F-FF9AE0F76CE8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Fellesfiler\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll) - c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 22:12:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/16 22:12:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - L:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - L:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programfiler\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 17:08:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
[2012/04/21 16:52:00 | 000,000,000 | --SD | C] -- C:\ggty
[2012/04/21 15:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Programdata\FixZeroAccess
[2012/04/21 14:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/21 14:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/21 14:34:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/21 14:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/21 14:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/21 14:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/21 14:30:53 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\JE\Skrivebord\ggty.exe
[2012/04/21 12:10:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenter\Mine videoer
[2012/04/21 12:10:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JE\Start-meny\Programmer\Administrative verktøy
[2012/04/21 12:10:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JE\Skrivere
[2012/04/21 11:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Skrivebord\Stuff from desktop
[2012/04/19 16:27:27 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2012/04/19 16:27:26 | 000,803,328 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2012/04/19 16:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Jensen Driver
[2012/04/19 14:34:25 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2012/04/19 14:34:25 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/04/18 17:21:08 | 000,048,224 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\JE\Programdata\dplayx.dll
[2012/04/13 09:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Programdata\Search Settings
[2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Spigot
[2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\pdfforge Toolbar
[2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\Application Updater
[2012/04/13 09:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/11 18:57:44 | 000,000,000 | ---D | C] -- C:\Programfiler\Market Samurai
[2012/03/24 14:05:50 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\JE\Mine dokumenter\wmpfirefoxplugin.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 17:17:22 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe
[2012/04/21 17:11:57 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/04/21 17:11:39 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 17:10:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/21 17:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
[2012/04/21 15:23:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 14:29:34 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\JE\Skrivebord\ggty.exe
[2012/04/20 23:56:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/20 22:12:17 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\JE\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/19 17:45:55 | 000,483,614 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
[2012/04/19 17:45:55 | 000,481,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 17:45:55 | 000,089,028 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
[2012/04/19 17:45:55 | 000,079,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/18 16:05:36 | 000,048,224 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\JE\Programdata\dplayx.dll
[2012/04/13 20:24:47 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Google Chrome.lnk
[2012/04/12 22:51:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/12 22:11:44 | 000,002,622 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/11 18:57:49 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Market Samurai.lnk
[2012/04/04 15:04:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/01 02:00:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ADMIN-1D1CF0B5F-JE.job
[2012/03/24 14:05:56 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\JE\Mine dokumenter\wmpfirefoxplugin.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 14:34:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/21 14:34:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/21 14:34:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/21 14:34:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/21 14:34:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/19 16:27:26 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/04/18 17:21:18 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe
[2012/04/11 18:57:49 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Programmer\Market Samurai.lnk
[2012/04/11 18:57:49 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Market Samurai.lnk
[2012/04/04 15:04:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/03/13 23:49:12 | 000,242,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\WPFFontCache_v0400-System.dat
[2012/03/13 23:49:12 | 000,242,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\WPFFontCache_v0400-S-1-5-21-1681404727-1096885980-213270738-1007-0.dat
[2012/02/15 09:53:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/22 17:58:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
[2011/04/07 22:02:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2011/02/07 14:21:39 | 000,017,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/19 23:17:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

========== LOP Check ==========

[2010/07/13 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Alwil Software
[2012/04/19 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Jensen Driver
[2010/08/10 22:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Micro Niche Finder
[2011/10/09 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\migrateos
[2011/10/09 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Paragon
[2011/05/27 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\regid.1986-12.com.adobe
[2010/02/18 19:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Rosetta Stone
[2009/06/19 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Teleca
[2012/04/21 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
[2009/06/19 22:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\WinTrade
[2011/04/20 16:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\AnvSoft
[2012/03/12 23:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\calibre
[2012/04/21 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Dropbox
[2010/02/22 21:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Exstora
[2012/04/16 22:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\FileZilla
[2012/04/21 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\FixZeroAccess
[2009/06/19 22:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Foxit
[2011/12/18 11:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Foxit Software
[2011/04/20 16:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\iJoysoft
[2009/07/13 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\ImgBurn
[2010/09/02 19:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\inkscape
[2011/06/02 22:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Keyword Research Pro
[2010/03/31 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Leadertech
[2011/02/06 22:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/08/28 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\NewsLeecher
[2011/08/28 17:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Notepad++
[2009/06/19 21:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\OpenOffice.org
[2010/11/21 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Opera
[2011/01/20 09:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\pdfforge
[2012/04/13 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Search Settings
[2011/12/19 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Spotify
[2009/10/17 15:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Teleca
[2012/04/21 17:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\TeraCopy
[2010/10/20 12:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Tracker Software
[2010/02/25 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\TypingMaster7
[2012/04/21 17:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\uTorrent
[2009/12/03 16:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\WaterProof
[2011/06/02 20:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Web Content Studio
[2011/05/30 21:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Web Content Studio LITE
[2009/07/06 14:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\WinTrade

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >
[2010/02/22 21:23:24 | 000,380,315 | ---- | M] () -- C:\Exstora_v_2.6_en.exe
Invalid Environment Variable: LOCALAPPDATA

< MD5 for: EXPLORER.EXE >
[2004/08/04 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=0B4A898DE1AA20D133C91BA260E7A8A1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=8059C34B6F4758F678E975665EADFD87 -- C:\WINDOWS\explorer.exe
[2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=8059C34B6F4758F678E975665EADFD87 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 18:23:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2FADE3D461E99941AAA13E0B83385B46 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 18:23:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2FADE3D461E99941AAA13E0B83385B46 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=C4D272D897700C7AD4B8E8454CD08676 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=025D58A521E0063B92ADEBD84F147E68 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 18:23:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5EE32955C86D583627F8D37350C1E145 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 18:23:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5EE32955C86D583627F8D37350C1E145 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 18:23:17 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=15CCFEC060818DAB936B8C5FAEEE21F9 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 18:23:17 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=15CCFEC060818DAB936B8C5FAEEE21F9 -- C:\WINDOWS\system32\winlogon.exe
[2004/08/04 21:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) MD5=765B39061CA16D01ABFEA752C5E2DB8F -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:A8ADE5D8

< End of report >





OTL Extras logfile created on: 4/21/2012 17:14:25 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\JE\Skrivebord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

2,94 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 79,78% Memory free
4,78 Gb Paging File | 4,38 Gb Available in Paging File | 91,59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
Drive C: | 74,53 Gb Total Space | 30,59 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
Drive E: | 367,71 Gb Total Space | 324,62 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 213,05 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive L: | 931,28 Gb Total Space | 434,11 Gb Free Space | 46,61% Space Free | Partition Type: FAT32
Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,93% Space Free | Partition Type: FAT32

Computer Name: ADMIN-1D1CF0B5F | User Name: JE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programfiler\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Programfiler\uTorrent\uTorrent.exe" = C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programfiler\Steam\steamapps\common\sid meier's railroads\RailRoads.exe" = C:\Programfiler\Steam\steamapps\common\sid meier's railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads -- (Firaxis Games, Inc)
"C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Programfiler\WaterProof\PHPEdit\3.4.6\PHPEdit.exe" = C:\Programfiler\WaterProof\PHPEdit\3.4.6\PHPEdit.exe:*:Enabled:PHPEdit -- ()
"C:\Programfiler\Microsoft LifeCam\LifeCam.exe" = C:\Programfiler\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programfiler\Microsoft LifeCam\LifeExp.exe" = C:\Programfiler\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programfiler\OnlyWire\OnlyWireWindows.exe" = C:\Programfiler\OnlyWire\OnlyWireWindows.exe:*:Enabled:OnlyWire Submitter -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0317400B-698E-4F22-A1CB-AA91D9D0D118}" = Power Article Rewriter
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Jensen AL25150
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40631ADD-7633-F1F1-32D2-D1FB6374BAFB}" = Market Samurai
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{548904BC-BC37-4660-B8F8-6639A4D23520}" = pdfforge Toolbar v5.4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1E
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F23C6B7-88FA-4336-A870-5ED9598E22C7}" = calibre
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82809223-2CAC-4681-956A-86C1884A48B4}" = WinTrade 11.5.12
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8F23E786-61A7-4708-B7C2-1A41DFD79162}" = OpenOffice.org 3.3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1044-7B44-A70000000000}" = Adobe Reader 7.0 - Norsk
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D335CD4C-22C8-4A33-802A-294A1DF4CECB}" = Web Content Studio
"{D4378A80-C713-11DF-9399-005056C00008}" = Paragon Migrate OS to SSD™
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9FD2842-0821-413D-BB3B-E207121E0D60}" = Keyword Research Pro
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-tillegg til CD-brenningsveiviser for Microsoft Windows XP
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"Any Video Converter_is1" = Any Video Converter 3.2.2
"Ask Toolbar_is1" = Foxit Toolbar
"avast" = avast! Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.02
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EOS Utility" = Canon Utilities EOS Utility
"Exstora" = Exstora 2.6
"FileZilla Client" = FileZilla Client 3.3.2.1
"Foxit Reader_is1" = Foxit Reader 5.0
"Gogo MP3 To CD Burner_is1" = Gogo MP3 To CD Burner
"Google Chrome" = Google Chrome
"Hide My ***! Pro" = Hide My ***! Pro 1.8
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.0
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 nb-NO)" = Mozilla Firefox 11.0 (x86 nb-NO)
"MP3 Manager" = MP3 Manager
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OnlyWire" = OnlyWire
"Opera 11.62.1347" = Opera 11.62
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"Paint Shop Pro 4.12 Shareware" = Paint Shop Pro 4.12 Shareware
"PHPEdit" = PHPEdit 3.4.6
"pycrypto-py2.7" = Python 2.7 pycrypto-2.1.0
"Quick Search Box" = Googles hurtigsøkfelt
"RealPlayer 6.0" = RealPlayer
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 7600" = Sid Meier's Railroads
"TeraCopy_is1" = TeraCopy 2.12
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"04ac28dc7fbde18f" = Ultimate Niche Finder
"48a013895e6b1631" = Ultra Simple Web Browser
"Dropbox" = Dropbox
"GoogleToolBar" = GoogleToolBar
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/5/2009 16:28:38 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 09:20:47 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/6/2009 12:41:20 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/8/2009 11:42:24 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/8/2009 13:53:39 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/9/2009 13:45:50 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 11/11/2009 13:34:41 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:57:23 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

Error - 12/23/2009 10:57:23 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/20/2012 06:13:11 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
Description = Feilende program pdftohtml.exe, versjon 0.0.0.0, feilende modul msvcr90.dll,
versjon 9.0.30729.6161, feiladresse 0x0003bedb.

Error - 4/20/2012 06:13:48 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
Description = Feilende program pdftohtml.exe, versjon 0.0.0.0, feilende modul msvcr90.dll,
versjon 9.0.30729.6161, feiladresse 0x0003bedb.

Error - 4/20/2012 09:23:42 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/20/2012 17:57:05 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/21/2012 04:55:57 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/21/2012 06:29:18 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/21/2012 08:34:46 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
Description = Feilende program exstora.exe, versjon 2.6.0.0, feilende modul exstora.exe,
versjon 2.6.0.0, feiladresse 0x0001df82.

Error - 4/21/2012 08:56:43 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/21/2012 09:39:22 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

Error - 4/21/2012 10:02:29 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
returnert. Den returnerte feilkoden er i data DWORD 0.

[ System Events ]
Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
Description = Tjenesten DNS Client er avhengig av tjenesten Driver for TCP/IP-protokoll,
som ikke kunne startes på grunn av feilen %%31

Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
Description = Tjenesten TCP/IP NetBIOS Helper er avhengig av tjenesten AFD, som
ikke kunne startes på grunn av feilen %%31

Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
Description = Tjenesten IPv6-hjelpetjeneste er avhengig av tjenesten Microsoft IPv6-protokolldriver,
som ikke kunne startes på grunn av feilen %%31

Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
Description = Tjenesten IPSEC Services er avhengig av tjenesten IPSEC-driver, som
ikke kunne startes på grunn av feilen %%31

Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7026
Description = Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip
Tcpip6
WS2IFSL

Error - 4/21/2012 11:11:38 | Computer Name = ADMIN-1D1CF0B5F | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.

Error - 4/21/2012 11:11:38 | Computer Name = ADMIN-1D1CF0B5F | Source = SCardSvr | ID = 602
Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
finner ikke angitt bane.

Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7000
Description = Tjenesten Scutum50 NDIS Protocol Driver kan ikke startes på grunn
av følgende feil: %%2

Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7003
Description = Tjenesten DHCP Client er avhengig av tjenesten NetBT, som ikke finnes.

Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7003
Description = Tjenesten TCP/IP NetBIOS Helper er avhengig av tjenesten NetBT, som
ikke finnes.


< End of report >
kevinf80   (Kevin)
Malware Removal Specialist with 9,708 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
21-Apr-2012, 11:02 AM #15
Put the following on the Desktop of the sick PC, as you've done with CF and OTL:

Download Yorkyt.exe and save to your Desktop.

Double click Yorkyt.exe to run it; Vista or Windows 7 users right click and select "Run as Administrator".

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop).

Try Combofix again after running the Yorkyt.

Kevin