
Suddenly can't connect to net (XP)

Discussion in 'Virus & Other Malware Removal' started by Theolini, Apr 20, 2012.

  1. Theolini

    Theolini Thread Starter

    Joined:
    Apr 20, 2012
    Messages:
    25
    My XP box suddenly wouldn't connect to the network when I booted it today. It worked fine yesterday.

    It's connected to the wireless router with a cable that plugs straight into the motherboard,
    but it's stuck on "Acquiring IP address". The IP address appears to be 0.0.0.0, and the address type is stated as not valid.

    The cable and the router are fine - I've tested with other computers. This is an issue with the pc itself.

    I suspected that the hardware might be faulty, so I got a new network adapter and installed it. It also can't connect, and it says "TCP/IP is not activated for this connection" (or words to that effect - I'm using a non-English version of XP).
    It should be noted that on the Networks screen, it is shown as being connected, but in the system tray it has a red X on it. It has sent 6 packages and received none.

    The problem is still there in safe mode.

    Any ideas what this might be and how to fix it?
     
  2. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,910
    can we see an ipconfig /all
    also the services running
    ------------------------------------------------------------------------
    ipconfig /all
    If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

    We would like to see the results from ipconfig /all. Post back the results in a reply here.

    Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

    In the command prompt window that opens, type the following command:

    Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

    ipconfig /all > network.txt & network.txt

    It will export the results to notepad and then automatically open notepad.

    Now all you need to do is copy and paste those results to a reply here
    to do that:
    From the notepad menu - choose Edit - Select all
    all the text will be highlighted
    Next
    From the notepad menu - choose Edit - Copy
    Now go back to the forum - reply and then right click in the reply box and paste
    ------------------------------------------------------------------------


    ------------------------------------------------------------------------
    Services

    We would like to see some status information for each of the services listed below. To do this, go to

    Start> {Run in XP} {Search box in Vista/W7}> CMD to open a DOS window and type:
    SERVICES.MSC
    OR
    Control Panel>
    Administrative Tools>
    Services>

    then for each of the services listed below - Please post back the following status information -
    If the service is Started/Stopped
    and
    If the service is Automatic/Manual

    • COM+ Event System (for WZC issues)
    • Computer Browser
    • DHCP Client
    • DNS Client
    • Network Connections
    • Network Location Awareness
    • Remote Procedure Call (RPC)
    • Server
    • TCP/IP Netbios helper
    • Wireless Zero Configuration (XP wireless configurations only)
    • WLAN AutoConfig (Windows 7 & Vista wireless configurations only)
    • Workstation


    If a service is not running,
    right click on the service
    then click on properties and now check the dependencies.

    Check each of the dependencies and see which one is preventing the service from running.

    Also to help us identify what may be causing the issue
    Check the event log, there may be clues to what is failing. To do that
    Start >
    control panel >
    administrative tools >
    event Viewer>

    ------------------------------------------------------------------------
     
  3. Theolini

    Theolini Thread Starter

    Thank you very much for your reply.

    Here's the info I've been able to gather. It's not an English-language machine, but I imagine it's clear enough. If not, let me know, and I'll venture a translation.

    Microsoft Windows XP [Versjon 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corporation

    C:\Documents and Settings\JE>ipconfig /all

    Windows IP-konfigurasjon

    Vertsnavn . . . . . . . . . . . : ADMIN-1D1CF0B5F
    Primær DNS-suffiks . . . . . . . :
    Nodetype . . . . . . . . . . . . : Unknown
    IP-ruting aktivert . . . . . . . : No
    WINS Proxy aktivert. . . . . . . : No

    Ethernet-kort Lokal tilkobling 4:

    Medietilstand. . . . . . . . . . : Disconnected
    Beskrivelse . . . . . . . . . . : TAP-Win32 Adapter V9
    Fysisk adresse . . . . . . . . . : 00-FF-CB-4E-8C-F1

    Ethernet-kort Lokal tilkobling:

    Tilkoblingsspesifikt DNS-suffiks :
    Beskrivelse . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC (Note: This is the old connection that suddenly quit working)
    Fysisk adresse . . . . . . . . . : 00-18-F3-09-20-3E
    DHCP aktivert. . . . . . . . . . : Yes
    Automatisk konfigurasjon aktivert: Yes
    IP-adresse . . . . . . . . . . . : 0.0.0.0
    Nettverksmaske . . . . . . . . . : 0.0.0.0
    IP-adresse . . . . . . . . . . . : fe80::218:f3ff:fe09:203e%8
    Standard gateway . . . . . . . . :
    DHCP-server. . . . . . . . . . . : 192.168.0.1
    DNS-servere. . . . . . . . . . . : 192.168.0.1
    fec0:0:0:ffff::1%2
    fec0:0:0:ffff::2%2
    fec0:0:0:ffff::3%2
    NetBIOS over TCP/IP. . . . . . . : Deactivated

    Tunnelkort Teredo Tunneling Pseudo-Interface:

    Tilkoblingsspesifikt DNS-suffiks :
    Beskrivelse . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Fysisk adresse . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
    DHCP aktivert. . . . . . . . . . : No
    IP-adresse . . . . . . . . . . . : fe80::ffff:ffff:fffd%7
    Standard gateway . . . . . . . . :
    NetBIOS over TCP/IP. . . . . . . : Deactivated

    Ethernet-kort Lokal tilkobling 5: (Note: This is the new network adapter I installed)

    Tilkoblingsspesifikt DNS-suffiks :
    Description . . . . . . . . . . :
    Fysisk adresse . . . . . . . . . : 00-0A-CD-1F-9C-DD
    DHCP activated. . . . . . . . . . : No
    IP-adresse . . . . . . . . . . . : fe80::20a:cdff:fe1f:9cdd%4
    Standard gateway . . . . . . . . :
    NetBIOS over TCP/IP. . . . . . . : Deactivated

    Services

    COM+ Event System (for WZC issues) - Started, manual

    Computer Browser - Not marked as started, Automatic . Dependent on Server and Workstation. When I try to start this, it stops immediately.

    DHCP Client - Not marked as started, Automatic. This is dependent on AFD and Driver for TCP/IP protocol. When I try to start this, I get the message: Cannot start the service DHCP. Error 1075: The service that this service depends on does not exist or has been marked for deletion

    DNS Client - Started, automatic

    Network Connections - Started, manual

    Network Location Awareness - Started, manual

    Remote Procedure Call (RPC) - Started, automatic

    Server - Started, automatic

    TCP/IP Netbios helper - Not marked as started, Automatic. Dependent on AFD. When I try to start, I get the same message as for DHCP client above. How do I check AFD? And what is it?

    Wireless Zero Configuration (XP wireless configurations only) - Started, automatic

    WLAN AutoConfig (Windows 7 & Vista wireless configurations only) - N/A

    Workstation - Started, automatic


    Events

    In the Event viewer, the first thing that's logged after I boot the computer is an error with source PerfNet, Event-ID 2004. Description: Cannot open server service.

    Apart from that, there are no obvious clues on the Event list.
     
  4. etaf

    etaf Wayne Moderator

    let's try a tcp/ip reset see below - unlikely
    as this is the problem

    this is the problem

    see if you can start see below

    it may be a virus

    ------------------------------------------------------------------------

    http://www.blackviper.com/windows-services/dhcp-client/

    To verify that the dependency components are running. Follow the steps below:
    • Click Start, Run and type DEVMGMT.MSC
    • In the View menu, click Show hidden devices
    • Double-click Non-Plug and Play drivers section
    • Double-click the entry AFD, "Ancillary Function Driver for winsock" and click the Driver tab
    What's the startup type set to?
    • Start the service. Note down the error message if any.


    Similarly start the other drivers namely:
    NetIO legacy TDI support driver
    TCP/IP Protocol Driver
    Network store interface service - http://www.blackviper.com/windows-services/network-store-interface-service/
    NSI proxy service

    Post back if all are started and any error messages

    • Now check if you can start the DHCP client service.

    Start, Programs\Accessories and right click on Command Prompt, select "Run as Administrator" to open a command prompt.
    Note: Type only the text in bold for the following commands.
    net start dhcp client
    Please note and post back - if you receive the message
    Access is Denied

    Post back the results here - we need to know these commands worked correctly
    right-click in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste


    --------------------------------


    ------------------------------------------------------------------------

    TCP/IP stack repair options for use with Windows XP with SP2/SP3

    Start, Run, CMD to open a command prompt:

    In the command prompt window that opens, type the following commands:

    Note: Type only the text in bold for the following commands.

    Reset TCP/IP stack to installation defaults, type: netsh int ip reset reset.log
    and press enter

    Reset WINSOCK entries to installation defaults, type: netsh winsock reset catalog
    and press enter

    Reboot the machine.

    Please note and post back - if you receive the message
    Access is Denied

    Post back the results here
    right-click in the box
    select all
    enter
    control key + C key - to copy
    then reply here and
    control key + V to paste
    ------------------------------------------------------------------------
     
  5. Theolini

    Theolini Thread Starter

    Thanks a lot for helping me with this! It's starting to look like a virus, I guess.

    AFD: Started
    Startup type: System

    NetIO Legacy TDI support driver: Can't find it on the list

    TCP/IP Protocol Driver: Can't find it on the list

    Network store interface service: Can't find it on the list

    NSI Proxy Service: Can't find it on the list


    On command prompt, having run it as the only user listed (which is not Admin, but I can't find it):

    C:\WINDOWS>net start dhcp client
    System error 5 has occurred

    Access denied

    C:\WINDOWS>


    Resetting to installation defaults seems to have worked with no error.


    After rebooting, the problem persists.
     
  6. etaf

    etaf Wayne Moderator

  7. Theolini

    Theolini Thread Starter

    I ran HijackThis and got the log, but DDS freezes the computer after a couple of minutes, so no log there. GMER does not, as far as I can tell, warn of any rootkit activity, so I didn't run the full scan.

    More info that could be important: Avast antivirus gave me a warning about a suspicious file called Dplaysvr.exe, which it found in the Documents and Settings folder. I think it's a little strange to encounter that file outside of the System32 folder. Apparently, Avast allowed it to run in the sandbox. I deleted the exe-file, but it seems to be accompanied by a dll-file that I'm not allowed to delete.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:04:19, on 4/21/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programfiler\Analog Devices\Core\smax4pnp.exe
    C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
    C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\vVX1000.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
    C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
    C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programfiler\uTorrent\uTorrent.exe
    C:\Programfiler\Skype\Phone\Skype.exe
    C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programfiler\Messenger\msmsgs.exe
    C:\Programfiler\Logitech\SetPoint\SetPoint.exe
    C:\Programfiler\OnlyWire\OnlyWireWindows.exe
    C:\Programfiler\CASIO\Photo Loader\Plauto.exe
    C:\Programfiler\Java\jre6\bin\javaw.exe
    C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe
    C:\Programfiler\MagicDisc\MagicDisc.exe
    C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Programfiler\OpenOffice.org 3\program\soffice.exe
    C:\Programfiler\OpenOffice.org 3\program\soffice.bin
    C:\Programfiler\Exstora\Exstora.exe
    C:\Programfiler\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\java.exe
    C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
    C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Programfiler\Application Updater\ApplicationUpdater.exe
    C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Programfiler\Java\jre6\bin\jqs.exe
    C:\Programfiler\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    M:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=us&.done=http://m.www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
    R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
    O1 - Hosts: 94.63.147.16 www.google.com
    O1 - Hosts: 94.63.147.17 www.bing.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll (file missing)
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programfiler\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll (file missing)
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programfiler\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [LifeCam] "C:\Programfiler\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programfiler\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SearchSettings] "C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Search Protection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe
    O4 - HKCU\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
    O4 - HKCU\..\Run: [cebcdbbddaedadcdct] "C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe
    O4 - Startup: MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Snarvei til Exstora.lnk = C:\Programfiler\Exstora\Exstora.exe
    O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: OnlyWire.LNK = ?
    O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programfiler\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137417613093
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/18/defaults/activex/ips/IPSUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Application Updater - Spigot, Inc. - C:\Programfiler\Application Updater\ApplicationUpdater.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Googles oppdateringstjeneste (gupdate) (gupdate) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
    O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Programfiler\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14421 bytes
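
A triage sketch for the HijackThis log above, added here as an example (not part of the original post and not HijackThis code): it flags O1 hosts-file overrides and O4 autostart entries whose program sits under a user profile, the placement the poster found odd for Dplaysvr.exe. The function names and the profile-path heuristic are assumptions; the sample lines are copied from the log in this thread.

```python
import re

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe
O4 - HKCU\..\Run: [cebcdbbddaedadcdct] "C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run[^:]*): \[(.*?)\] (.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Assumption: any autostart image under a user profile deserves a second look.
# "\users\" covers Vista and later; the thread's machine is XP.
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")
# Hosts entries pointing here block or loop back rather than redirect.
NON_REDIRECT_IPS = {"127.0.0.1", "::1", "0.0.0.0"}


def image_path(command):
    """Return the program part of an autostart command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def in_profile(path):
    lowered = path.lower()
    return any(root in lowered for root in PROFILE_ROOTS)


def triage(log_text):
    """Return (section, label, target, reason) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip not in NON_REDIRECT_IPS:
                findings.append(("O1", host, ip,
                                 "hosts file pins this name to a fixed address, bypassing DNS"))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            path = image_path(command)
            if in_profile(path):
                findings.append(("O4", name, path,
                                 "%s %s entry starts a program stored under a user profile" % (hive, key)))
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            folder, shortcut, target = m.groups()
            path = image_path(target)
            if in_profile(path):
                findings.append(("O4", shortcut, path,
                                 "%s shortcut starts a program stored under a user profile" % folder))
    return findings


if __name__ == "__main__":
    for section, label, target, reason in triage(SAMPLE_LOG):
        print("%-3s %-22s %s\n    -> %s" % (section, label, target, reason))
```

The Dropbox shortcut is flagged alongside the others because per-user installers also write under the profile, so a hit marks an entry for review rather than delivering a verdict.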
     
  8. etaf

    etaf Wayne Moderator

    moved to the virus forum
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Download the following tool to a different PC, Save to a USB flash drive (memory stick) or CD and transfer to the Desktop of the infected PC....

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  10. Theolini

    Theolini Thread Starter

    Infected with Rootkit.ZeroAccess. It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

    The first time I ran Combofix, it caught the infection, but then seemed to freeze the computer. It also noted that the computer does not have Microsoft Windows recovery console, and without net access it can't download it.

    Combofix tells me about the infection via a popup called Combofix. Then, as it continues to run, I get another popup that's called Rootkit. It says "Rootkit is detected. Be patient as this may take some moments." There's an OK button which I did not press. After 3 minutes of running Combofix, the computer is frozen.

    I rebooted, and there was still no net access. I ran Combofix again, same result - popups, then the computer freezes.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Re-boot to safe mode and try CF again....
     
  12. Theolini

    Theolini Thread Starter

    The same happens in safe mode. I have also tried Symantec ZeroAccess Remover and another program specific for this virus - they don't find the infection at all.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Transfer the following to the desktop of the sick PC as you did with Combofix

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon to run it; Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      netsvcs
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      msconfig
      %SYSTEMDRIVE%\*.exe
      %LOCALAPPDATA%\*.exe
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      CREATERESTOREPOINT
      
    • Click the [IMG] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Kevin
     
  14. Theolini

    Theolini Thread Starter

    Joined:
    Apr 20, 2012
    Messages:
    25
    Here are the two files, OTL.txt first, then Extras.txt:


    OTL logfile created on: 4/21/2012 17:14:25 - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\JE\Skrivebord
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

    2,94 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 79,78% Memory free
    4,78 Gb Paging File | 4,38 Gb Available in Paging File | 91,59% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
    Drive C: | 74,53 Gb Total Space | 30,59 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
    Drive E: | 367,71 Gb Total Space | 324,62 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
    Drive J: | 465,76 Gb Total Space | 213,05 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
    Drive L: | 931,28 Gb Total Space | 434,11 Gb Free Space | 46,61% Space Free | Partition Type: FAT32
    Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,93% Space Free | Partition Type: FAT32

    Computer Name: ADMIN-1D1CF0B5F | User Name: JE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/21 17:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
    PRC - [2012/04/12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe
    PRC - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Programfiler\Application Updater\ApplicationUpdater.exe
    PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programfiler\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/04/08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe
    PRC - [2011/01/17 20:44:52 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 20:44:52 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/01/22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/06/19 18:12:51 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Programfiler\MagicDisc\MagicDisc.exe
    PRC - [2009/02/03 15:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe
    PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/04/28 05:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE
    PRC - [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft LifeCam\MSCamS32.exe
    PRC - [2007/04/10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
    PRC - [2007/01/26 12:36:44 | 000,495,616 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    PRC - [2006/12/20 11:34:02 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
    PRC - [2006/12/11 07:16:10 | 000,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    PRC - [2004/12/14 03:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/18 16:13:53 | 001,767,424 | ---- | M] () -- C:\Programfiler\Alwil Software\Avast5\defs\12041801\algo.dll
    MOD - [2011/12/03 17:12:56 | 000,103,424 | ---- | M] () -- C:\Programfiler\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
    MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programfiler\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/03/10 23:48:41 | 000,985,088 | ---- | M] () -- C:\Programfiler\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/06/08 04:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    MOD - [2010/03/21 20:19:50 | 000,094,208 | ---- | M] () -- C:\Programfiler\FileZilla FTP Client\fzshellext.dll
    MOD - [2009/07/13 20:50:04 | 000,325,120 | ---- | M] () -- C:\Programfiler\TeraCopy\TeraCopy.dll
    MOD - [2009/04/27 11:55:12 | 000,678,400 | ---- | M] () -- C:\Programfiler\IZArc\IZArcCM.dll
    MOD - [2007/01/26 12:36:44 | 000,495,616 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    MOD - [2006/11/15 11:57:54 | 004,534,272 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
    MOD - [2006/11/15 09:58:54 | 000,021,504 | R--- | M] () -- C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
    MOD - [2006/08/11 21:43:10 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2006/03/09 16:45:36 | 000,081,920 | R--- | M] () -- C:\Programfiler\Fellesfiler\Teleca Shared\boost_log-vc71-mt-1_33.dll
    MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programfiler\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programfiler\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/26 08:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ggty\pev.3XE -- (PEVSystemStart)
    SRV - [2010/05/10 12:20:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programfiler\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/18 15:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programfiler\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/09 16:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programfiler\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2007/05/17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/06 20:12:52 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Scutum50.sys -- (Scutum50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JE\LOKALE~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tdtvrhxv.sys -- (bnroyqr)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.netbt)
    DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/09/06 12:10:02 | 000,119,040 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
    DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programfiler\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2009/12/10 11:16:02 | 000,803,328 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/16 05:04:24 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2007/04/10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
    DRV - [2007/02/08 11:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
    DRV - [2007/02/08 11:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
    DRV - [2007/02/08 11:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
    DRV - [2007/02/08 11:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
    DRV - [2007/02/08 11:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
    DRV - [2007/02/08 11:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
    DRV - [2007/02/08 11:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
    DRV - [2006/10/30 02:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2006/08/14 21:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/03/17 10:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2006/02/07 10:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
    DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2001/12/19 12:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=us&.done=http://m.www.yahoo.com/
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_no
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=FXT
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://no.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programfiler\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programfiler\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programfiler\Tracker Software\npPDFXCviewNPPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programfiler\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programfiler\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programfiler\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programfiler\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programfiler\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programfiler\Tracker Software\npPDFXCviewNPPlugin.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programfiler\WaterProof\PHPEdit\3.4.6\Tools\FirefoxExtension\unpacked [2009/12/03 16:17:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Programfiler\Spyware Doctor\BDT\FireFox\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programfiler\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/15 15:03:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programfiler\Alwil Software\Avast5\WebRep\FF [2012/04/12 22:11:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programfiler\Mozilla Firefox\components [2012/03/17 20:09:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programfiler\Mozilla Firefox\plugins [2012/03/24 14:08:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programfiler\WaterProof\PHPEdit\3.4.6\Tools\FirefoxExtension\unpacked [2009/12/03 16:17:23 | 000,000,000 | ---D | M]

    [2009/12/15 19:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Extensions
    [2009/11/16 15:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2009/06/19 22:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\extensions
    [2009/06/19 22:18:37 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2012/04/13 09:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions
    [2010/04/28 09:42:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/14 09:29:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/04/10 16:21:38 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2012/03/31 10:31:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/22 12:13:29 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
    [2012/03/13 21:56:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\JE\Programdata\Mozilla\Firefox\Profiles\w7ja2fr5.default\extensions\[email protected]
    [2011/12/21 15:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
    [2012/03/17 20:09:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programfiler\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programfiler\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/28 21:17:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programfiler\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2011/10/01 11:16:00 | 000,001,525 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/10/01 11:16:00 | 000,002,252 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bing.xml
    [2011/10/01 11:16:00 | 000,001,218 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\bok-NO.xml
    [2011/10/01 11:16:00 | 000,000,968 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\qxl-NO.xml
    [2011/10/01 11:16:00 | 000,001,203 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
    [2011/10/01 11:16:00 | 000,001,176 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\wikipedia-NO.xml
    [2011/10/01 11:16:00 | 000,001,192 | ---- | M] () -- C:\Programfiler\mozilla firefox\searchplugins\yahoo-NO.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Programfiler\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Programfiler\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Programfiler\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Programfiler\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programfiler\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programfiler\Windows Media Player\npwmsdrm.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Programfiler\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Programfiler\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programfiler\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: avast! WebRep = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/04/18 16:05:24 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 94.63.147.16 www.google.com
    O1 - Hosts: 94.63.147.17 www.bing.com
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programfiler\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programfiler\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programfiler\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll File not found
    O3 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programfiler\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programfiler\Fellesfiler\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programfiler\Fellesfiler\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Programfiler\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DivXUpdate] C:\Programfiler\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe File not found
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Programfiler\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LifeCam] C:\Programfiler\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SearchSettings] C:\Programfiler\Fellesfiler\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programfiler\Fellesfiler\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Programfiler\Fellesfiler\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [cebcdbbddaedadcdct] C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe ()
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [dplaysvr] C:\Documents and Settings\JE\Programdata\dplaysvr.exe File not found
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [Search Protection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [uTorrent] C:\Programfiler\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [xewuysuvrwcm] c:\documents and settings\je\lokale innstillinger\programdata\ivudmx\xjnscmb.exe File not found
    O4 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007..\Run: [YSearchProtection] C:\Programfiler\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
    O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\OnlyWire.LNK = C:\Programfiler\OnlyWire\OnlyWireWindows.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Photo Loader supervisory.lnk = C:\Programfiler\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
    O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\Dropbox.lnk = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\MagicDisc.lnk = C:\Programfiler\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\OpenOffice.org 3.3.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\JE\Start-meny\Programmer\Oppstart\Snarvei til Exstora.lnk = C:\Programfiler\Exstora\Exstora.exe (Exstora.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Google Sidewiki - res://C:\Programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programfiler\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137417613093 (WUWebControl Class)
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/18/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{605CB29E-C9ED-48A6-851F-FF9AE0F76CE8}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programfiler\Fellesfiler\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Fellesfiler\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programfiler\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll) - c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop Components:0 (Min gjeldende hjemmeside) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\JE\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/16 22:12:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/01/16 22:12:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - L:\AUTORUN.INF -- [ FAT32 ]
    O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - L:\AUTORUN -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programfiler\Steam\Steam.exe (Valve Corporation)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/21 17:08:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
    [2012/04/21 16:52:00 | 000,000,000 | --SD | C] -- C:\ggty
    [2012/04/21 15:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Programdata\FixZeroAccess
    [2012/04/21 14:34:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/21 14:34:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/21 14:34:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/21 14:34:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/21 14:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/21 14:34:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/21 14:30:53 | 004,470,025 | R--- | C] (Swearware) -- C:\Documents and Settings\JE\Skrivebord\ggty.exe
    [2012/04/21 12:10:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenter\Mine videoer
    [2012/04/21 12:10:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JE\Start-meny\Programmer\Administrative verktøy
    [2012/04/21 12:10:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JE\Skrivere
    [2012/04/21 11:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Skrivebord\Stuff from desktop
    [2012/04/19 16:27:27 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
    [2012/04/19 16:27:26 | 000,803,328 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
    [2012/04/19 16:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Programdata\Jensen Driver
    [2012/04/19 14:34:25 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
    [2012/04/19 14:34:25 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
    [2012/04/18 17:21:08 | 000,048,224 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\JE\Programdata\dplayx.dll
    [2012/04/13 09:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JE\Programdata\Search Settings
    [2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\Fellesfiler\Spigot
    [2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\pdfforge Toolbar
    [2012/04/13 09:33:30 | 000,000,000 | ---D | C] -- C:\Programfiler\Application Updater
    [2012/04/13 09:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/04/11 18:57:44 | 000,000,000 | ---D | C] -- C:\Programfiler\Market Samurai
    [2012/03/24 14:05:50 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\JE\Mine dokumenter\wmpfirefoxplugin.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/21 17:17:22 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe
    [2012/04/21 17:11:57 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/04/21 17:11:39 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/21 17:10:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/21 17:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JE\Skrivebord\OTL.exe
    [2012/04/21 15:23:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/21 14:29:34 | 004,470,025 | R--- | M] (Swearware) -- C:\Documents and Settings\JE\Skrivebord\ggty.exe
    [2012/04/20 23:56:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/20 22:12:17 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\JE\Lokale innstillinger\Programdata\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/19 17:45:55 | 000,483,614 | ---- | M] () -- C:\WINDOWS\System32\perfh014.dat
    [2012/04/19 17:45:55 | 000,481,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/19 17:45:55 | 000,089,028 | ---- | M] () -- C:\WINDOWS\System32\perfc014.dat
    [2012/04/19 17:45:55 | 000,079,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/18 16:05:36 | 000,048,224 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\JE\Programdata\dplayx.dll
    [2012/04/13 20:24:47 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Google Chrome.lnk
    [2012/04/12 22:51:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/12 22:11:44 | 000,002,622 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/04/11 18:57:49 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Market Samurai.lnk
    [2012/04/04 15:04:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2012/04/01 02:00:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ADMIN-1D1CF0B5F-JE.job
    [2012/03/24 14:05:56 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\JE\Mine dokumenter\wmpfirefoxplugin.exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/21 14:34:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/21 14:34:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/21 14:34:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/21 14:34:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/21 14:34:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/19 16:27:26 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2012/04/18 17:21:18 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\All Users\Programdata\cebcdbbddaedadcdct.exe
    [2012/04/11 18:57:49 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Programmer\Market Samurai.lnk
    [2012/04/11 18:57:49 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Market Samurai.lnk
    [2012/04/04 15:04:32 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2012/03/13 23:49:12 | 000,242,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\WPFFontCache_v0400-System.dat
    [2012/03/13 23:49:12 | 000,242,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\WPFFontCache_v0400-S-1-5-21-1681404727-1096885980-213270738-1007-0.dat
    [2012/02/15 09:53:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/12/22 17:58:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
    [2011/04/07 22:02:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
    [2011/02/07 14:21:39 | 000,017,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/01/19 23:17:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

    ========== LOP Check ==========

    [2010/07/13 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Alwil Software
    [2012/04/19 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Jensen Driver
    [2010/08/10 22:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Micro Niche Finder
    [2011/10/09 15:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\migrateos
    [2011/10/09 15:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Paragon
    [2011/05/27 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\regid.1986-12.com.adobe
    [2010/02/18 19:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Rosetta Stone
    [2009/06/19 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\Teleca
    [2012/04/21 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\TEMP
    [2009/06/19 22:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Programdata\WinTrade
    [2011/04/20 16:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\AnvSoft
    [2012/03/12 23:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\calibre
    [2012/04/21 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Dropbox
    [2010/02/22 21:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Exstora
    [2012/04/16 22:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\FileZilla
    [2012/04/21 15:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\FixZeroAccess
    [2009/06/19 22:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Foxit
    [2011/12/18 11:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Foxit Software
    [2011/04/20 16:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\iJoysoft
    [2009/07/13 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\ImgBurn
    [2010/09/02 19:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\inkscape
    [2011/06/02 22:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Keyword Research Pro
    [2010/03/31 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Leadertech
    [2011/02/06 22:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/08/28 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\NewsLeecher
    [2011/08/28 17:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Notepad++
    [2009/06/19 21:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\OpenOffice.org
    [2010/11/21 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Opera
    [2011/01/20 09:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\pdfforge
    [2012/04/13 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Search Settings
    [2011/12/19 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Spotify
    [2009/10/17 15:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Teleca
    [2012/04/21 17:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\TeraCopy
    [2010/10/20 12:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Tracker Software
    [2010/02/25 13:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\TypingMaster7
    [2012/04/21 17:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\uTorrent
    [2009/12/03 16:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\WaterProof
    [2011/06/02 20:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Web Content Studio
    [2011/05/30 21:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\Web Content Studio LITE
    [2009/07/06 14:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JE\Programdata\WinTrade

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %SYSTEMDRIVE%\*.exe >
    [2010/02/22 21:23:24 | 000,380,315 | ---- | M] () -- C:\Exstora_v_2.6_en.exe
    Invalid Environment Variable: LOCALAPPDATA

    < MD5 for: EXPLORER.EXE >
    [2004/08/04 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=0B4A898DE1AA20D133C91BA260E7A8A1 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=8059C34B6F4758F678E975665EADFD87 -- C:\WINDOWS\explorer.exe
    [2008/04/14 18:22:49 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=8059C34B6F4758F678E975665EADFD87 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 18:23:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2FADE3D461E99941AAA13E0B83385B46 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/14 18:23:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=2FADE3D461E99941AAA13E0B83385B46 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=C4D272D897700C7AD4B8E8454CD08676 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=025D58A521E0063B92ADEBD84F147E68 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 18:23:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5EE32955C86D583627F8D37350C1E145 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 18:23:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5EE32955C86D583627F8D37350C1E145 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 18:23:17 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=15CCFEC060818DAB936B8C5FAEEE21F9 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/14 18:23:17 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=15CCFEC060818DAB936B8C5FAEEE21F9 -- C:\WINDOWS\system32\winlogon.exe
    [2004/08/04 21:00:00 | 000,501,248 | ---- | M] (Microsoft Corporation) MD5=765B39061CA16D01ABFEA752C5E2DB8F -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
    [C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Programdata\TEMP:A8ADE5D8

    < End of report >





    OTL Extras logfile created on: 4/21/2012 17:14:25 - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\JE\Skrivebord
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: USA | Language: ENU | Date Format: M/d/yyyy

    2,94 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 79,78% Memory free
    4,78 Gb Paging File | 4,38 Gb Available in Paging File | 91,59% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programfiler
    Drive C: | 74,53 Gb Total Space | 30,59 Gb Free Space | 41,04% Space Free | Partition Type: NTFS
    Drive E: | 367,71 Gb Total Space | 324,62 Gb Free Space | 88,28% Space Free | Partition Type: NTFS
    Drive J: | 465,76 Gb Total Space | 213,05 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
    Drive L: | 931,28 Gb Total Space | 434,11 Gb Free Space | 46,61% Space Free | Partition Type: FAT32
    Drive M: | 3,73 Gb Total Space | 3,72 Gb Free Space | 99,93% Space Free | Partition Type: FAT32

    Computer Name: ADMIN-1D1CF0B5F | User Name: JE | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Programfiler\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Programfiler\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Programfiler\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Programfiler\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
    "C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\W32X86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
    "C:\Programfiler\uTorrent\uTorrent.exe" = C:\Programfiler\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Programfiler\Steam\steamapps\common\sid meier's railroads\RailRoads.exe" = C:\Programfiler\Steam\steamapps\common\sid meier's railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads -- (Firaxis Games, Inc)
    "C:\Programfiler\Spotify\spotify.exe" = C:\Programfiler\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Programfiler\WaterProof\PHPEdit\3.4.6\PHPEdit.exe" = C:\Programfiler\WaterProof\PHPEdit\3.4.6\PHPEdit.exe:*:Enabled:pHPEdit -- ()
    "C:\Programfiler\Microsoft LifeCam\LifeCam.exe" = C:\Programfiler\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Programfiler\Microsoft LifeCam\LifeExp.exe" = C:\Programfiler\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
    "C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Programfiler\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
    "C:\Programfiler\Opera\opera.exe" = C:\Programfiler\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\JE\Programdata\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Programfiler\OnlyWire\OnlyWireWindows.exe" = C:\Programfiler\OnlyWire\OnlyWireWindows.exe:*:Enabled:OnlyWire Submitter -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0317400B-698E-4F22-A1CB-AA91D9D0D118}" = Power Article Rewriter
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Jensen AL25150
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{350C9414-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EAC35F4-FF26-4123-9404-0B5B93DAB570}" = Microsoft .NET Framework 1.1 Norwegian Language Pack
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40631ADD-7633-F1F1-32D2-D1FB6374BAFB}" = Market Samurai
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{548904BC-BC37-4660-B8F8-6639A4D23520}" = pdfforge Toolbar v5.4
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{668B2B3A-4241-409F-A4AE-79B5016A487E}" = Sony Ericsson PC Suite
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1E
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7F23C6B7-88FA-4336-A870-5ED9598E22C7}" = calibre
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82809223-2CAC-4681-956A-86C1884A48B4}" = WinTrade 11.5.12
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{8F23E786-61A7-4708-B7C2-1A41DFD79162}" = OpenOffice.org 3.3
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.0 beta 1
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1044-7B44-A70000000000}" = Adobe Reader 7.0 - Norsk
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D335CD4C-22C8-4A33-802A-294A1DF4CECB}" = Web Content Studio
    "{D4378A80-C713-11DF-9399-005056C00008}" = Paragon Migrate OS to SSD™
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9FD2842-0821-413D-BB3B-E207121E0D60}" = Keyword Research Pro
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-tillegg til CD-brenningsveiviser for Microsoft Windows XP
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Agfa ScanWise 2.00" = Agfa ScanWise 2.00
    "Any Video Converter_is1" = Any Video Converter 3.2.2
    "Ask Toolbar_is1" = Foxit Toolbar
    "avast" = avast! Free Antivirus
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Cool MP3 Splitter_is1" = Cool MP3 Splitter 2.02
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup" = DivX Setup
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "EOS Utility" = Canon Utilities EOS Utility
    "Exstora" = Exstora 2.6
    "FileZilla Client" = FileZilla Client 3.3.2.1
    "Foxit Reader_is1" = Foxit Reader 5.0
    "Gogo MP3 To CD Burner_is1" = Gogo MP3 To CD Burner
    "Google Chrome" = Google Chrome
    "Hide My ***! Pro" = Hide My ***! Pro 1.8
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Inkscape" = Inkscape 0.48.0
    "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Micro Niche Finder_is1" = Micro Niche Finder
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 11.0 (x86 nb-NO)" = Mozilla Firefox 11.0 (x86 nb-NO)
    "MP3 Manager" = MP3 Manager
    "NewsLeecher_is1" = NewsLeecher v3.9 Final
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "OnlyWire" = OnlyWire
    "Opera 11.62.1347" = Opera 11.62
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "Paint Shop Pro 4.12 Shareware" = Paint Shop Pro 4.12 Shareware
    "PHPEdit" = PHPEdit 3.4.6
    "pycrypto-py2.7" = Python 2.7 pycrypto-2.1.0
    "Quick Search Box" = Googles hurtigsøkfelt
    "RealPlayer 6.0" = RealPlayer
    "Spotify" = Spotify
    "Spyware Doctor" = Spyware Doctor 7.0
    "Steam App 7600" = Sid Meier's Railroads
    "TeraCopy_is1" = TeraCopy 2.12
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 0.9.9
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "YTdetect" = Yahoo! Detect
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1681404727-1096885980-213270738-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "04ac28dc7fbde18f" = Ultimate Niche Finder
    "48a013895e6b1631" = Ultra Simple Web Browser
    "Dropbox" = Dropbox
    "GoogleToolBar" = GoogleToolBar
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/5/2009 16:28:38 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/6/2009 09:20:47 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/6/2009 12:41:20 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/8/2009 11:42:24 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/8/2009 13:53:39 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/9/2009 13:45:50 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 11/11/2009 13:34:41 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:57:23 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    Error - 12/23/2009 10:57:23 | Computer Name = ADMIN-1D1CF0B5F | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 4/20/2012 06:13:11 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
    Description = Feilende program pdftohtml.exe, versjon 0.0.0.0, feilende modul msvcr90.dll,
    versjon 9.0.30729.6161, feiladresse 0x0003bedb.

    Error - 4/20/2012 06:13:48 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
    Description = Feilende program pdftohtml.exe, versjon 0.0.0.0, feilende modul msvcr90.dll,
    versjon 9.0.30729.6161, feiladresse 0x0003bedb.

    Error - 4/20/2012 09:23:42 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/20/2012 17:57:05 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/21/2012 04:55:57 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/21/2012 06:29:18 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/21/2012 08:34:46 | Computer Name = ADMIN-1D1CF0B5F | Source = Application Error | ID = 1000
    Description = Feilende program exstora.exe, versjon 2.6.0.0, feilende modul exstora.exe,
    versjon 2.6.0.0, feiladresse 0x0001df82.

    Error - 4/21/2012 08:56:43 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/21/2012 09:39:22 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    Error - 4/21/2012 10:02:29 | Computer Name = ADMIN-1D1CF0B5F | Source = PerfNet | ID = 2004
    Description = Kan ikke åpne servertjenesten. Ytelsesdata for server vil ikke bli
    returnert. Den returnerte feilkoden er i data DWORD 0.

    [ System Events ]
    Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
    Description = Tjenesten DNS Client er avhengig av tjenesten Driver for TCP/IP-protokoll,
    som ikke kunne startes på grunn av feilen %%31

    Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
    Description = Tjenesten TCP/IP NetBIOS Helper er avhengig av tjenesten AFD, som
    ikke kunne startes på grunn av feilen %%31

    Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
    Description = Tjenesten IPv6-hjelpetjeneste er avhengig av tjenesten Microsoft IPv6-protokolldriver,
    som ikke kunne startes på grunn av feilen %%31

    Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7001
    Description = Tjenesten IPSEC Services er avhengig av tjenesten IPSEC-driver, som
    ikke kunne startes på grunn av feilen %%31

    Error - 4/21/2012 10:51:42 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7026
    Description = Følgende oppstarts- eller systemstartsdriver(e) kan ikke lastes inn:
    Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS RasAcd Rdbss SASDIFSV
    SASKUTIL
    Tcpip
    Tcpip6
    WS2IFSL

    Error - 4/21/2012 11:11:38 | Computer Name = ADMIN-1D1CF0B5F | Source = SCardSvr | ID = 602
    Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
    finner ikke angitt bane.

    Error - 4/21/2012 11:11:38 | Computer Name = ADMIN-1D1CF0B5F | Source = SCardSvr | ID = 602
    Description = Initialisering av WDM-leserdriveren kan ikke åpne leserenhet: Systemet
    finner ikke angitt bane.

    Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7000
    Description = Tjenesten Scutum50 NDIS Protocol Driver kan ikke startes på grunn
    av følgende feil: %%2

    Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7003
    Description = Tjenesten DHCP Client er avhengig av tjenesten NetBT, som ikke finnes.

    Error - 4/21/2012 11:11:40 | Computer Name = ADMIN-1D1CF0B5F | Source = Service Control Manager | ID = 7003
    Description = Tjenesten TCP/IP NetBIOS Helper er avhengig av tjenesten NetBT, som
    ikke finnes.


    < End of report >
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Put the following on the Desktop of the sick PC as you've done with CF and OTL:

    Download Yorkyt.exe and save to your Desktop.


    Double-click Yorkyt.exe to run it; Vista or Windows 7 users right-click and select "Run as Administrator".


    Select Yes to restart at the prompt.


    Let it restart again when prompted.


    Be patient as the tool is working after the 2nd reboot.


    Attach the Yorkyt.exe.log to your next message (it should be on your desktop)

    Try Combofix again after running the Yorkyt

    Kevin
     

Short URL to this thread: https://techguy.org/1050129