Låst skrivbord? Virus/trojan

15 december, 2008

Hej,

efter att en winrar-fil öppnats och en *.scr-fil aktiverats har nu skumma saker hänt.

Har kört visusprogrammet som hittat och tagit bort något.

Men nu kan jag varken höger eller vänsterklicka på ikonerna? Går inte öppna eller ta bort några ikoner. Däremot kan jag via "start" och "den här datorn" komma vidare.

Det enda som inte verkar funka är skrivbordet? Vet inte om det beror på scr filen eller något annat??

Har Ni någon idé?

15 december, 2008

Har kört visusprogrammet som hittat och tagit bort något.

Kan du få fram någon logg som visar vad som har tagits bort? Det ger ju bra ledtrådar.

Gärna även en länk till filen du laddat ner.

16 december, 2008

Hur gör jag det? Filen är borttagen och finns inte längre.

Fick filen via msn. Det verkar som att det funkar så länge msn fönstret är uppe, när man klickat ner det låser sig skrivbordet.

MSN verkar ha en viss betydelse i detta.

16 december, 2008

Där fick jag i alla fall lite mer nyttig information, det gäller alltså en MSN-mask.

Vi kan se om HijackThis visar något till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

16 december, 2008

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:24, on 2008-12-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Search Settings\SearchSettings.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\DAEMON Tools Pro\DTProAgent.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\HPQ\shared\hpqwmi.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\Philips\Media Manager\Philips Media Manager.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\Search Settings\kb126\SearchSettings.dll

O1 - Hosts: 68.142.79.69 www.happysex.ch

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\Search Settings\kb126\SearchSettings.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Logon] wsnhost.exe

O4 - HKLM\..\Run: [xpsys.exe] C:\WINDOWS\system32\xpsysw.exe

O4 - HKLM\..\RunServices: [Windows Logon] wsnhost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

O4 - Startup: Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.handelsbanken.se

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 11682 bytes

[/log]

16 december, 2008

Om du hittar något med SearchSettings i Kontrollpanelen - Lägg till eller ta bort program så ta bort det. Samma sak om där finns något

Är det här något du har ställt in själv?

O1 - Hosts: 68.142.79.69 www.happysex.ch

IP-adressen är till USA och inte till något land som har .ch

Surfa till http://www.virustotal.com klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn.

C:\WINDOWS\system32\xpsysw.exe

C:\WINDOWS\system32\wsnhost.exe

C:\WINDOWS\wsnhost.exe

16 december, 2008

Har tagit bort SearchSettings.

Har ingen aning om vad happysex är för något, eller vart det kommer från?

Hitter endest xpsysw.exe filen fick svaret nedna.

0 bytes size received / Se ha recibido un archivo vacio

17 december, 2008

Ladda ner OTViewIt till Skrivbordet:

http://oldtimer.geekstogo.com/OTViewIt.exe

Stäng alla program.

Kör OTViewIt (i Vista högerklicka och Kör som administratör).

Bocka för Scan all Users.

Välj 30 dagar för File Age om det inte redan är valt.

Tryck på Run Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTViewIt.txt och Extras.txt, klistra in båda två i ditt svar (kom ihåg LOG-knappen).

19 december, 2008

[log]"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

68.142.79.69 www.happysex.ch

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"AutoTBar"=AUTOTBAR.EXE File not found

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"Cpqset"=C:\Program\HPQ\Default Settings\cpqset.exe ()

"eabconfg.cpl"=C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"hpWirelessAssistant"=C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"Symantec NetDriver Monitor"=C:\Program\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"URLLSTCK.exe"=C:\Program\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

"Windows Logon"=wsnhost.exe File not found

"xpsys.exe"=C:\WINDOWS\system32\xpsysw.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunServices Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Windows Logon"=wsnhost.exe File not found

========== (O4) Startup Folders ==========

[2004-12-14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\BTTray.lnk = C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

File not found -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765 -- WUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

========== (O17) DNS Name Servers ==========

{3F44E469-DE46-409A-B8EF-DA7402612F54} (Servers: | Description: 1394 Net Adapter)

{A67D86FA-AA51-4278-A1A1-E4B4314019B2} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{C9F6D075-BE73-4880-8A71-22324FCC4D8E} (Servers: | Description: Broadcom 802.11b/g WLAN)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008-05-09 11:57:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [;DA2007 Installer ver.: 2.1 | [autorun] | open=WAC_installer.exe | ]

[2007-06-06 04:17:41 | 00,000,064 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]

[2008-12-19 09:10:49 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-16 18:52:10 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:08 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-12-16 18:51:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-15 22:57:28 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-14 15:55:11 | 00,026,841 | ---- | C] () -- C:\WINDOWS\System32\xpsysw

[2008-12-14 15:54:22 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-13 10:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Philips Media Manager Sample Media

[2008-12-13 10:06:00 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-13 10:05:34 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\i4j_jres

[2008-12-12 18:19:11 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 18:19:11 | 00,000,000 | ---D | C] -- C:\Program\Philips

[2008-12-12 12:33:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:11:38 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2008-12-08 21:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Games

[2008-12-08 21:17:36 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-12-08 21:17:36 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-12-08 21:17:35 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-12-08 21:17:34 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-12-08 21:17:33 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-12-08 21:17:19 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-12-08 21:17:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-12-08 21:17:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-12-08 21:17:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-12-08 21:17:16 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-12-08 21:17:15 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-12-08 21:17:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll

[2008-12-08 21:17:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-12-08 21:17:11 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-12-08 21:17:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2008-12-08 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\SherlockHolmesTheAwakenedv1.3NoDVDFixedexeEng

[2008-12-08 21:16:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2008-12-08 21:16:03 | 00,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2008-12-08 21:15:41 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard

[2008-12-08 21:15:40 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-12-08 21:14:59 | 05,296,128 | R--- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\game.exe

[2008-12-08 21:08:38 | 00,000,000 | ---D | C] -- C:\Program\Focus

[2008-12-04 11:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\VA - Absolute Hits 2008

[2008-12-03 18:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Segelsemester 2008

[2008-11-24 14:35:01 | 00,000,957 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:34:09 | 01,122,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll

[2008-11-24 14:34:08 | 01,650,688 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll

[2008-11-24 14:34:08 | 01,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll

[2008-11-24 14:34:08 | 01,552,384 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll

[2008-11-24 14:34:08 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaw7.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaa6.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplapx.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplam6.dll

[2008-11-24 14:34:08 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2008-11-24 14:34:04 | 00,417,792 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl

[2008-11-24 14:34:03 | 00,000,000 | ---D | C] -- C:\Program\ACE Mega CoDecS Pack

[2008-11-24 12:12:55 | 51,622,242 | ---- | C] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:06:00 | 00,136,704 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\iacenc.dll

[2008-11-24 12:06:00 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008-11-24 12:05:57 | 00,000,000 | ---D | C] -- C:\Program\Ligos

[2008-11-24 12:03:49 | 02,068,266 | ---- | C] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:20 | 14,618,605 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Euro Truck Simulator

[2008-11-23 23:03:43 | 00,240,240 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

[2008-11-23 23:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:466F9D5D

[2008-11-22 16:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Ny mapp

[2008-11-22 16:25:04 | 00,000,000 | ---D | C] -- C:\Program\iPod

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Program\iTunes

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008-11-22 16:21:32 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

========== Files - Modified Within 30 Days ==========

[19 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-19 09:10:05 | 00,026,841 | ---- | M] () -- C:\WINDOWS\System32\xpsysw

[2008-12-19 09:03:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-19 09:03:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-19 09:02:50 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-19 07:16:00 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-16 18:55:20 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:31 | 00,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008-12-16 18:51:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-14 15:54:22 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-14 15:36:35 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Mina delade mappar.lnk

[2008-12-13 12:58:56 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-13 10:09:36 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-12 18:19:11 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 12:33:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:31:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-12 12:28:02 | 00,933,196 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-12 12:28:02 | 00,412,338 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-12 12:28:02 | 00,409,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-12 12:28:02 | 00,076,836 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-12 12:28:02 | 00,064,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-11 23:38:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008-12-11 23:38:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 23:13:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008-12-09 23:13:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-11-24 14:35:01 | 00,000,957 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:23:11 | 00,000,831 | ---- | M] () -- C:\WINDOWS\system.ini

[2008-11-24 12:16:29 | 51,622,242 | ---- | M] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:03:50 | 02,068,266 | ---- | M] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:55 | 14,618,605 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:03:43 | 00,240,240 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

< End of report >

OTViewIt Extras logfile created on: 2008-12-19 09:11:48 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1022,48 Mb Total Physical Memory | 471,81 Mb Available Physical Memory | 46,14% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 93,15 Gb Total Space | 35,31 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Drive D: | 426,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 968,96 Mb Total Space | 968,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STOP-21455814C3

Current User Name: Sibbe

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-11-30 11:32:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2007-06-05 14:12:14 | 04,681,785 | ---- | M] (Philips) -- C:\Program\Philips\WADM\WADM.exe:*:Enabled:WADM Application

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2004-06-02 16:16:20 | 00,110,592 | ---- | M] (WIDCOMM, Inc.) C:\WINDOWS\system32\BTXPPanel.dll (widimg:{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} (HKLM) [WidImg Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

""Fugawi40"_is1"=Fugawi 4

"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}"=MarketResearch

"{15C70064-2463-49dd-9A88-B700F75BB428}"=dj_sf_ProductContext

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}"=D2400

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager

"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}"=HP Image Zone Plus 4.8.5

"{33565C22-2E44-4B36-9147-23912E838F81}"=Wireless Audio Device Manager

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant

"{3B29A786-5803-4e9e-9B58-3014A5B4E519}"=Norton AntiSpam

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 1.01 A2

"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security

"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply

"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}"=Norton Internet Security

"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport

"{5677563D-0CB1-485f-9E18-C5025306BB3F}"=Norton AntiSpam

"{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=TIxx21

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}"=HP Update

"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}"=AGEIA PhysX v6.10.25

"{75C22B40-6D12-4439-80DC-CAB3313EADA5}"=dj_sf_software_req

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC

"{87885939-F824-42bf-B790-231B1E8EF2BB}"=dj_sf_software

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0

"{90120000-0020-041D-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}"=Bluetooth by hp

"{9112041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD

"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel

"{93F54611-2701-454e-94AB-623F458D9E6B}"=DeviceDiscovery

"{94FB906A-CF42-4128-A509-D353026A607E}"=REALTEK Gigabit and Fast Ethernet NIC Driver

"{9521B818-19CE-4d28-8200-DD26133E19E6}"=D2400_Help

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}"=The Awakened

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support

"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module

"{AC76BA86-7AD7-1053-7B44-A70000000000}"=Adobe Reader 7.0 - Svenska

"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist

"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 A2

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}"=Symantec Script Blocking Installer

"{D8F6834B-D5E7-4451-8681-B051ABD8561D}"=ccCommon

"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}"=CC_ccProxyExt

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security

"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support

"{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}"=Microsoft Works

"{F5936267-D467-4e7b-8940-A7D9F0398EF3}"=HP Deskjet Printer Driver Software 9.0

"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update

"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime

"{FC08587A-4F01-4188-819F-F55880022917}"=ccPxyCore

"{FC2C0536-583C-46c0-844A-62CECAE01F22}"=Norton Internet Security

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status

"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1"=ACE Mega CoDecS Pack

"Adobe AIR"=Adobe AIR

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"AviSynth"=AviSynth 2.5

"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter

"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C"=Conexant Data Fax Modem with SmartCP

"Conexant PCI Audio"=Conexant AC-97 Audio

"coverXP"=coverXP (remove only)

"DVD Shrink_is1"=DVD Shrink 3.2

"HijackThis"=HijackThis 2.0.2

"HP Imaging Device Functions"=HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0

"HPExtendedCapabilities"=HP Customer Participation Program 9.0

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"Indeo® Software"=Indeo® Software

"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=Texas Instruments PCIxx21/x515 drivers.

"LiveReg"=LiveReg (Symantec Corporation)

"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)

"Media Player - Codec Pack"=Media Player Codec Pack 3.1.0

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Personal"=Personal 4.8.1

"Philips Media Manager 3.3.12.0004"=Philips Media Manager 3.3.12.0004

"RealPlayer 6.0"=RealPlayer

"ShbGuide"=Handelsbanken Installationsguide

"SopCast"=SopCast 3.0.3

"SuperMegaSpoof_is1"=SuperMegaSpoof 2.0

"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2005 (Symantec Corporation)

"SynTPDeinstKey"=Synaptics Pointing Device Driver

"Videora iPod Converter"=Videora iPod Converter 3.08

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"winpwn"=winpwn 2.0.0.4

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VLC media player 0.9.2

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2008-11-24 09:20:41 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x043db860.

Error - 2008-11-24 09:22:10 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

Error - 2008-11-30 06:55:34 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program DashBoard.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

Error - 2008-12-02 13:08:07 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program applemobiledevicehelper.exe, version 8.0.445.16,

felaktig modul ntdll.dll, version 5.1.2600.5512, felaktig adress 0x00011d8f.

Error - 2008-12-09 14:39:56 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

Error - 2008-12-09 14:40:04 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

Error - 2008-12-09 14:40:21 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

Error - 2008-12-11 14:51:20 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program wmplayer.exe, version 11.0.5721.5145, felaktig modul

avisplitter.ax, version 1.0.0.3, felaktig adress 0x0000a91c.

Error - 2008-12-12 07:08:01 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

mplvw7.dll, version 1.0.0.3, felaktig adress 0x0001c33a.

Error - 2008-12-15 19:18:00 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

[ System Events ]

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126