
Norton Security Scan


Jiger


NSS stops at C:\windows\system32\casino1.ico and then cannot continue. (The program does not hang, but searches forever for casino1.ico.) The file does not exist at all; I have put in a harmless dummy named casino1.ico, but that does not help. What can I do to get NSS to work and scan the whole computer??

 


C:\windows\system32\casino1.ico is normally part of a malicious program, so things will probably go better with Norton once the computer is rid of the malicious files. We can see whether HijackThis shows anything to begin with. Download from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

 

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:31:50, on 2008-12-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

D:\Program\D4\D4.exe

C:\Program\iolo\common\lib\ioloServiceManager.exe

C:\Program\Java\jre6\bin\jqs.exe

d:\Program\CDBurnerXP\NMSAccessU.exe

D:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\oodag.exe

D:\Program\PixVue.Com\PixVue\bin\Daemon.exe

C:\Program\Shield\shdserv.exe

D:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Shield\shieldclnt.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\oodtray.exe

C:\WINDOWS\system32\iid.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

D:\Program\D4\D4.exe

D:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\SCardSvr.exe

D:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

D:\Program\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\Creative\MediaSource\Detector\CTDetect.exe

C:\Program\Shield\shieldtray.exe

D:\Program\Anti Tracks\AntiTracks.exe

D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

D:\Program\AtomTime Pro\AtomTime.EXE

D:\Program\zabkat\xplorer2\xplorer2_UC.exe

D:\Program\MailWasher Pro\MailWasher.exe

D:\Program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program\Outlook Express\msimn.exe

D:\Program\Microsoft Office\Office\OUTLOOK.EXE

C:\Program\Personal\bin\Personal.exe

D:\Program\Skärmsläckarkontroll\SSSwitch.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Outlook Express\wab.exe

C:\Program\GetRight\GETRIGHT.EXE

D:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2.exe

D:\Program\HiT\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - D:\Program\PixVue.Com\PixVue\bin\PixVue.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [Dimension4] D:\Program\D4\D4.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [WinPatrol] D:\Program\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Norton Protection Status] D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKCU\..\Run: [shield Tray] C:\Program\Shield\shieldtray.exe

O4 - HKCU\..\Run: [AntiTracks] D:\Program\Anti Tracks\AntiTracks.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AtomTime Pro.lnk = D:\Program\AtomTime Pro\AtomTime.EXE

O4 - Startup: Filhanteraren.lnk = D:\Program\zabkat\xplorer2\xplorer2_UC.exe

O4 - Startup: MailWasherPro.lnk = D:\Program\MailWasher Pro\MailWasher.exe

O4 - Startup: Norton System Doctor.LNK = D:\Program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Startup: Outlook Express.lnk = C:\Program\Outlook Express\msimn.exe

O4 - Startup: Outlook.lnk = ?

O4 - Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Startup: Skärmsläckarkontroll.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: *.handelsbanken.se

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205417545546

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223471404077

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5327/mcfscan.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - D:\Program\Cacheman\CachemanXP.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CLRSERV - Unknown owner - C:\Program\Shield\Drive image\CLRSERV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Dimension4 - Thinking Man Software - D:\Program\D4\D4.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Imapi Helper - Alex Feinman - D:\Program\SO Recorder\ImapiHelper.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - d:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PixVue - PixVue.Com - D:\Program\PixVue.Com\PixVue\bin\Daemon.exe

O23 - Service: SHDSERV - Unknown owner - C:\Program\Shield\shdserv.exe

O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program\Shield\shieldclnt.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 12119 bytes

[/log]

 


Why don't you have an antivirus program installed?

You have two programs that do the same thing, Ashampoo AntiSpyWare 2 and WinPatrol; that is usually inadvisable because there is a risk that they cause problems. They also overlap with Norton SystemWorks.

Both Norton SystemWorks (Speed Disk) and OO Defrag are defragmentation programs; it is not good to have both running at the same time.

 

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Tick Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

 


I have ZoneAlarm Security Suite v 7 installed, and this program includes ZoneAlarm Antivirus.

WinPatrol keeps track of helper programs for Internet Explorer, startup programs that get added, etc., but absolutely not spyware, and is therefore not at all the same thing as Ashampoo AntiSpyWare.

Norton Speed Disk comes with Norton SystemWorks Basic Edition 2006; I never run it and it does not start by itself, just as Windows' own defragmenter does not start by itself either.

I will download and install OTViewIt and get back to you...

 


[log]OTViewIt logfile created on: 2008-12-27 10:38:29 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = D:\Installationsfiler

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 69,32% Memory free

3,78 Gb Paging File | 3,11 Gb Available in Paging File | 82,17% Paging File free

Paging file location(s): T:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 298,08 Gb Total Space | 242,96 Gb Free Space | 81,51% Space Free | Partition Type: NTFS

Drive D: | 260,06 Gb Total Space | 168,64 Gb Free Space | 64,85% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 298,09 Gb Total Space | 232,42 Gb Free Space | 77,97% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive T: | 19,41 Gb Total Space | 17,40 Gb Free Space | 89,63% Space Free | Partition Type: NTFS

 

Computer Name: AUD

Current User Name: Jan G Romander

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-07-09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[2007-12-03 13:53:58 | 00,139,264 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

[2005-09-17 00:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

[2007-12-03 13:53:58 | 00,139,264 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

[2005-09-17 00:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

[2008-03-14 14:57:28 | 01,251,720 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[2008-11-04 14:32:44 | 00,749,400 | ---- | M] () -- d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

[1999-12-13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

[2008-11-12 21:54:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2008-10-20 21:18:26 | 00,071,096 | ---- | M] () -- d:\Program\CDBurnerXP\NMSAccessU.exe

[2005-11-03 19:08:02 | 00,095,832 | ---- | M] (Symantec Corporation) -- D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

[2006-12-15 13:36:28 | 00,750,720 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

[2007-05-11 01:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

[2008-05-20 14:25:12 | 00,192,512 | ---- | M] () -- C:\Program\Shield\SHDSERV.exe

[2008-05-20 14:22:30 | 00,045,056 | ---- | M] () -- C:\Program\Shield\ShieldClnt.exe

[2005-03-11 18:33:28 | 00,147,456 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

[2005-03-08 04:33:28 | 00,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2005-09-22 17:42:24 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe

[2007-05-11 01:08:54 | 02,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe

[2008-07-09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

[2004-12-02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- D:\Program\Creative\MediaSource\Detector\CTDetect.exe

[2008-05-20 14:25:12 | 03,391,488 | ---- | M] () -- C:\Program\Shield\shieldtray.exe

[1999-03-12 01:44:54 | 00,046,080 | ---- | M] (Microsoft Corporation) -- D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

[2008-10-15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-12-27 10:34:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- D:\Installationsfiler\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-11-04 14:32:44 | 00,749,400 | ---- | M] () -- d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe -- (AASW2_Service [Auto | Running])

[2008-07-08 15:52:28 | 00,611,664 | ---- | M] (Lavasoft) -- D:\Program\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Stopped])

[2008-10-02 16:44:24 | 00,460,168 | ---- | M] () -- C:\Program\AskBarDis\bar\bin\AskService.exe -- (ASKService [Disabled | Stopped])

[2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-03-03 21:39:44 | 00,242,688 | ---- | M] (Outertech) -- D:\Program\Cacheman\CachemanXP.exe -- (CachemanXPService [On_Demand | Stopped])

[2005-09-17 00:27:06 | 00,192,112 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])

[2005-09-17 00:27:12 | 00,169,584 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2007-09-03 09:21:32 | 00,081,920 | ---- | M] () -- C:\Program\Shield\Drive image\CLRSERV.exe -- (CLRSERV [On_Demand | Stopped])

[2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[1999-12-13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

[2004-02-04 00:26:42 | 00,200,704 | ---- | M] (Thinking Man Software) -- D:\Program\D4\D4.exe -- (Dimension4 [Auto | Stopped])

[2008-12-22 10:39:59 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2006-01-04 23:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- D:\Program\SO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])

[2008-08-15 15:46:00 | 00,596,328 | ---- | M] () -- C:\Program\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList [Auto | Stopped])

[2008-08-15 15:46:00 | 00,596,328 | ---- | M] () -- C:\Program\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService [Auto | Stopped])

[2008-11-12 21:54:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008-10-20 21:18:26 | 00,071,096 | ---- | M] () -- d:\Program\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])

[2005-11-03 19:08:02 | 00,095,832 | ---- | M] (Symantec Corporation) -- D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])

[2006-12-15 13:36:28 | 00,750,720 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService [Auto | Running])

[2007-05-11 01:09:48 | 01,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Auto | Running])

[2005-11-14 20:19:28 | 00,151,552 | ---- | M] (PixVue.Com) -- D:\Program\PixVue.Com\PixVue\bin\Daemon.exe -- (PixVue [Auto | Stopped])

[2008-05-20 14:25:12 | 00,192,512 | ---- | M] () -- C:\Program\Shield\SHDSERV.exe -- (SHDSERV [Auto | Running])

[2008-05-20 14:22:30 | 00,045,056 | ---- | M] () -- C:\Program\Shield\ShieldClnt.exe -- (ShieldClientService [Auto | Running])

[2005-09-15 16:21:13 | 01,160,800 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])

[2005-11-03 18:44:58 | 00,176,193 | ---- | M] (Symantec Corporation) -- D:\Program\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service [Auto | Stopped])

[2008-03-14 14:57:28 | 01,251,720 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])

[2008-07-09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2005-09-22 17:34:18 | 03,727,680 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])

[1999-09-10 13:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])

[2007-12-28 09:36:16 | 00,477,568 | ---- | M] () -- C:\WINDOWS\system32\drivers\cloverm.sys -- (cloverm [system | Running])

[2008-04-17 09:45:38 | 00,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk [system | Running])

[2007-10-30 16:43:22 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running])

[2003-08-26 16:25:14 | 00,207,616 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

[2003-08-26 16:22:34 | 01,041,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2007-07-19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [system | Running])

[2003-12-17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])

[2003-12-17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])

[2003-04-09 12:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2004-08-13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])

[2005-11-03 18:56:06 | 00,081,748 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Stopped])

[2008-06-19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-03-29 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2006-01-18 11:41:58 | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2005-11-03 18:43:42 | 00,090,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver [On_Demand | Stopped])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008-05-20 14:25:14 | 00,007,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\Shdbus.sys -- (shdbus [boot | Running])

[2008-05-20 14:25:14 | 00,105,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\Shield.sys -- (Shield [boot | Running])

[2008-05-20 14:25:14 | 00,022,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\Shieldf.sys -- (Shieldf [boot | Running])

[2008-05-20 14:25:14 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\Shieldm.sys -- (shieldm [boot | Running])

[2005-09-15 16:21:13 | 00,389,728 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])

[2008-11-12 22:39:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2008-02-27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [boot | Running])

[2008-03-14 14:57:29 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008-03-14 14:08:08 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

[2008-04-13 23:06:42 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [boot | Running])

[2007-10-30 16:43:24 | 00,032,080 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus [system | Running])

[2007-10-30 16:43:24 | 00,131,672 | ---- | M] (Paragon) -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM [system | Running])

[2005-08-24 14:08:36 | 00,237,312 | R--- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

[2005-04-26 12:22:40 | 00,060,928 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

[2008-07-09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [system | Running])

[2003-08-26 16:24:06 | 00,675,840 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2006-03-02 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Page_Transitions"=

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://www.leta.se/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main]

"Page_Transitions"=

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://www.leta.se/

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{31FF080D-12A3-439A-A2EF-4BA95A3148E8} (HKLM) -- C:\Program\GetRight\xx2gr.dll (Headlight Software, Inc.)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- C:\Program\DAEMON Tools Toolbar\DTToolbar.dll ()

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{B28B4479-D9C2-41D1-B74D-74A1827037CD}" (HKLM) -- D:\Program\PixVue.Com\PixVue\bin\PixVue.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- C:\Program\DAEMON Tools Toolbar\DTToolbar.dll ()

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- C:\Program\DAEMON Tools Toolbar\DTToolbar.dll ()

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)

"'Ashampoo AntiSpyWare 2 Guard'"=d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe (Ashampoo GmbH & Co. KG)

"Dimension4"=D:\Program\D4\D4.exe (Thinking Man Software)

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)

"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)

"Net iD"=C:\WINDOWS\system32\iid.exe (SecMaker AB)

"OODefragTray"=C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp (Microsoft Corporation)

"WinPatrol"=D:\Program\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntiTracks"=D:\Program\Anti Tracks\AntiTracks.exe (RIGHT Utilities, Inc.)

"Creative Detector"=D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R (Creative Technology Ltd)

"Norton Protection Status"=D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)

"Shield Tray"=C:\Program\Shield\shieldtray.exe ()

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntiTracks"=D:\Program\Anti Tracks\AntiTracks.exe (RIGHT Utilities, Inc.)

"Creative Detector"=D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R (Creative Technology Ltd)

"Norton Protection Status"=D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)

"Shield Tray"=C:\Program\Shield\shieldtray.exe ()

 

========== (O4) RunOnce Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SMRequiresRestart"= File not found

"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

[2000-01-21 09:15:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE

[1999-03-12 01:44:54 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Port för Symantec Fax Starter Edition.lnk = D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

[2004-12-03 11:04:18 | 00,396,316 | ---- | M] (Naissan Innovations, LLC) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\AtomTime Pro.lnk = D:\Program\AtomTime Pro\AtomTime.EXE

[2008-05-13 11:05:44 | 00,819,712 | ---- | M] (ZabKat) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Filhanteraren.lnk = D:\Program\zabkat\xplorer2\xplorer2_UC.exe

[2008-10-21 14:58:18 | 18,120,904 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\MailWasherPro.lnk = D:\Program\MailWasher Pro\MailWasher.exe

[2005-11-03 19:09:04 | 00,083,632 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Norton System Doctor.LNK = D:\Program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

[2008-04-14 20:35:14 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook Express.lnk = C:\Program\Outlook Express\msimn.exe

[2008-06-19 12:14:57 | 00,104,960 | R--- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook.lnk = C:\WINDOWS\Installer\{0000041D-78E1-11D2-B60F-006097C998E7}\outicon.exe

[2008-06-20 12:25:37 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

[1998-01-24 03:51:00 | 00,126,464 | ---- | M] (AWS (Aaron Writes Software)) -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Skärmsläckarkontroll.lnk = D:\Program\Skärmsläckarkontroll\SSSwitch.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Download with GetRight: C:\Program\GetRight\GRDownload.htm [2006-03-29 13:35:12 | 00,000,994 | ---- | M] ()

Open with GetRight Browser: C:\Program\GetRight\GRBrowse.htm [2006-03-29 13:35:12 | 00,000,977 | ---- | M] ()

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\Software\Microsoft\Internet Explorer\MenuExt\]

Download with GetRight: C:\Program\GetRight\GRDownload.htm [2006-03-29 13:35:12 | 00,000,994 | ---- | M] ()

Open with GetRight Browser: C:\Program\GetRight\GRBrowse.htm [2006-03-29 13:35:12 | 00,000,977 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{5E638779-1818-4754-A595-EF1C63B87A56}: Button: Express Cleanup -- D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick File not found

{5E638779-1818-4754-A595-EF1C63B87A56}: Menu: Express Cleanup -- D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Trusted sites

 

[HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Trusted sites

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab -- Creative Software AutoUpdate

{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class

{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab -- Windows Live Safety Center Base Module

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205417545546 -- WUWebControl Class

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223471404077 -- MUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}: http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5327/mcfscan.cab -- McFreeScan Class

{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab -- Creative Software AutoUpdate Support Package

 

========== (O17) DNS Name Servers ==========

 

{A2117E79-EAAB-4087-A550-7B717ECF7DB6} (Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC)

{C748B878-5146-4A85-9AAC-B5EB4C7D60E5} (Servers: | Description: 1394 Net Adapter)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

avldr: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

PixVue: "DllName" = D:\Program\PixVue.Com\PixVue\bin\WinLogon.DLL -- D:\Program\PixVue.Com\PixVue\bin\WinLogon.dll (PixVue.Com)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

autorun []

[2008-04-25 20:37:24 | 00,000,000 | ---D | M] -- H:\autorun -- [ NTFS ]

 

autorun.inf [[autorun] | open=wd_windows_tools\WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ]

[2008-04-01 13:53:24 | 00,000,071 | -H-- | M] () -- H:\autorun.inf -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008-12-26 23:47:13 | 00,016,754 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\nss.jpg

[2008-12-26 13:50:18 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Vintervärdar.doc

[2008-12-26 13:46:48 | 00,055,084 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\5428.tiff

[2008-12-26 13:32:38 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR

[2008-12-26 10:17:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan G Romander\Application Data\Skinux

[2008-12-23 19:29:43 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Citat.doc

[2008-12-22 17:54:12 | 87,828,890 | ---- | C] () -- C:\BackupRegistry(20081222).reg

[2008-12-22 13:50:40 | 00,000,060 | RH-- | C] () -- C:\WINDOWS\DX_12COM.INF

[2008-12-22 12:41:22 | 00,262,144 | ---- | C] () -- C:\ntuser.dat

[2008-12-22 11:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan G Romander\Mina dokument\CDBurnerXP Projects

[2008-12-22 11:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan G Romander\Application Data\Canneverbe_Limited

[2008-12-22 10:53:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2008-12-22 10:46:32 | 00,000,000 | ---D | C] -- C:\Program\Adobe Media Player

[2008-12-22 10:40:37 | 00,000,000 | ---D | C] -- C:\Program\Adobe

[2008-12-22 10:39:59 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Macrovision Shared

[2008-12-20 14:28:49 | 00,000,478 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Jan G Romander.job

[2008-12-19 15:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan G Romander\Application Data\Ashampoo

[2008-12-19 15:37:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2008-12-18 17:26:55 | 00,000,795 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Norton System Doctor.LNK

[2008-12-18 13:50:57 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook Express.lnk

[2008-12-17 20:43:52 | 00,000,578 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\MailWasherPro.lnk

[2008-12-17 20:42:07 | 00,002,395 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook.lnk

[2008-12-16 15:27:24 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Pinkoder.doc

[2008-12-16 15:20:42 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\JAN ROMANDER.doc

[2008-12-15 16:45:24 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Saldo.doc

[2008-12-14 13:00:52 | 03,128,832 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\MMA Weekly.doc

[2008-12-11 11:59:32 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\It Works.doc

[2008-12-11 00:44:06 | 00,004,575 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Tomten på Berget.rtf

[2008-12-09 22:06:00 | 03,608,236 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Julbetraktelse Zeke och tre små grisar.wmv

[2008-12-09 16:09:42 | 00,068,979 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\PG-Bevakning CK.jpg

[2008-12-08 12:26:08 | 00,019,439 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Dator.doc

[2008-12-05 17:40:14 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Utlånade böcker.doc

[2008-12-05 13:36:42 | 00,062,537 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\PG-Bevakning SS.jpg

[2008-12-03 17:12:22 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Vad ska de göra som snart ska gå i pension.doc

[2008-12-02 14:49:50 | 00,102,400 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Tillgångar.doc

[2008-11-29 12:43:28 | 00,005,077 | ---- | C] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Komihåg lista.rtf

 

========== Files - Modified Within 30 Days ==========

 

[2008-12-27 10:36:02 | 00,000,499 | ---- | M] () -- C:\WINDOWS\ssswitch.ini

[2008-12-27 10:35:26 | 55,279,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008-12-27 10:07:13 | 00,000,805 | ---- | M] () -- C:\rollback.ini

[2008-12-27 09:52:12 | 00,000,343 | ---- | M] () -- C:\WINDOWS\start.ini

[2008-12-27 09:28:20 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job

[2008-12-27 09:28:19 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2008-12-27 07:51:15 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2008-12-27 05:17:05 | 00,000,548 | ---- | M] () -- C:\WINDOWS\bok2w.ini

[2008-12-27 04:26:30 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jan G Romander.job

[2008-12-26 23:47:14 | 00,016,754 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\nss.jpg

[2008-12-26 19:57:47 | 00,002,395 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook.lnk

[2008-12-26 19:57:23 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-26 19:57:21 | 00,355,090 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2008-12-26 19:56:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-26 19:56:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-26 19:55:50 | 00,630,838 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor

[2008-12-26 19:55:03 | 00,710,012 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008-12-26 19:51:27 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2008-12-26 19:47:50 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Timed Backups Manager.job

[2008-12-26 19:47:22 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\1-ClickCleaner.job

[2008-12-26 19:36:48 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job

[2008-12-26 15:06:22 | 00,019,439 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Dator.doc

[2008-12-26 13:50:18 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Vintervärdar.doc

[2008-12-26 13:46:48 | 00,055,084 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\5428.tiff

[2008-12-26 11:49:18 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-26 11:22:42 | 00,000,155 | ---- | M] () -- C:\WINDOWS\OODCNT.INI

[2008-12-26 11:04:47 | 01,431,552 | R--- | M] () -- C:\Documents and Settings\All Users\Dokument\ESBK.mbb

[2008-12-26 11:04:47 | 00,740,352 | R--- | M] () -- C:\Documents and Settings\All Users\Dokument\ESBK.mb

[2008-12-23 19:29:44 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Citat.doc

[2008-12-22 17:54:26 | 87,828,890 | ---- | M] () -- C:\BackupRegistry(20081222).reg

[2008-12-22 16:10:08 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Skrivbord\System Mechanic.lnk

[2008-12-22 13:50:40 | 00,000,060 | RH-- | M] () -- C:\WINDOWS\DX_12COM.INF

[2008-12-22 12:41:22 | 00,262,144 | ---- | M] () -- C:\ntuser.dat

[2008-12-22 12:38:46 | 00,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-12-22 12:36:57 | 00,064,152 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2008-12-22 12:30:31 | 01,043,004 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-22 12:30:31 | 00,464,034 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-22 12:30:31 | 00,442,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-22 12:30:31 | 00,092,274 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-22 12:30:31 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-18 17:26:55 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Norton System Doctor.LNK

[2008-12-18 13:51:33 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\Outlook Express.lnk

[2008-12-17 20:43:52 | 00,000,578 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Start-meny\Program\Autostart\MailWasherPro.lnk

[2008-12-16 15:27:24 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Pinkoder.doc

[2008-12-16 15:20:42 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\JAN ROMANDER.doc

[2008-12-15 16:45:24 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Saldo.doc

[2008-12-14 13:00:52 | 03,128,832 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\MMA Weekly.doc

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-11 11:59:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\It Works.doc

[2008-12-11 00:44:06 | 00,004,575 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Tomten på Berget.rtf

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 22:06:00 | 03,608,236 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Julbetraktelse Zeke och tre små grisar.wmv

[2008-12-09 16:09:42 | 00,068,979 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\PG-Bevakning CK.jpg

[2008-12-05 17:40:14 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Utlånade böcker.doc

[2008-12-05 13:36:42 | 00,062,537 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\PG-Bevakning SS.jpg

[2008-12-04 16:44:00 | 00,935,776 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll

[2008-12-03 17:12:22 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Vad ska de göra som snart ska gå i pension.doc

[2008-12-02 14:49:50 | 00,102,400 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Tillgångar.doc

[2008-11-29 12:43:28 | 00,005,077 | ---- | M] () -- C:\Documents and Settings\Jan G Romander\Mina dokument\Komihåg lista.rtf

< End of report >

OTViewIt Extras logfile created on: 2008-12-27 10:38:29 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = D:\Installationsfiler

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,94 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 69,32% Memory free

3,78 Gb Paging File | 3,11 Gb Available in Paging File | 82,17% Paging File free

Paging file location(s): T:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 298,08 Gb Total Space | 242,96 Gb Free Space | 81,51% Space Free | Partition Type: NTFS

Drive D: | 260,06 Gb Total Space | 168,64 Gb Free Space | 64,85% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 298,09 Gb Total Space | 232,42 Gb Free Space | 77,97% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Drive T: | 19,41 Gb Total Space | 17,40 Gb Free Space | 89,63% Space Free | Partition Type: NTFS

 

Computer Name: AUD

Current User Name: Jan G Romander

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=1

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 20:35:20 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 20:35:20 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[1998-11-12 09:26:24 | 00,497,152 | ---- | M] () -- D:\Program\Microsoft Office\Office\1053\WFXMSRVR.EXE:*:Enabled:WFXMSRVR

[2004-02-04 00:26:42 | 00,200,704 | ---- | M] (Thinking Man Software) -- D:\Program\D4\D4.exe:*:Enabled:Dimension 4

[2008-05-10 06:15:28 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

[2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 20:34:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 20:34:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 20:34:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0000041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Premium

"{0004041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 CD 2

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4

"{0691B876-15B2-451B-AEA4-5653E40899C4}"=Windows Presentation Foundation Language Pack (SVE)

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}"=ESSSONIC

"{08AB56DB-F5B6-4477-A2FD-38398F06C378}"=Microsoft .NET Framework 3.0 Swedish Language Pack

"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime

"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler

"{0D93D179-6127-4FC6-80C8-EE113D0D3659}"=Svenskt kulturlandskapstema för Windows XP

"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4

"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}"=Ljud i Microsoft Office

"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}"=ccCommon

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}"=Adobe Setup

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD

"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X

"{1B2DBF55-05D4-4072-87D8-689141E262BD}"=Creative ZEN

"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 10

"{2BAC066E-F2E9-11D2-A171-00C04F6C9FA4}"=Microsoft Office HTML-filter 2.1

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}"=Creative MediaSource

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}"=Adobe Dreamweaver CS4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4

"{42938595-0D83-404D-9F73-F8177FDD531A}"=ESScore

"{4360BB46-507E-4361-8DCB-4FF9BDC9907B}"=SnagIt 7

"{4537EA4B-F603-4181-89FB-2953FC695AB1}"=netbrdg

"{47B8A3A9-7C49-473D-AA66-27A05E2F117A}"=Visma Skatt Privat 2007-2008

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension

"{4E835052-A23C-4F9A-9EF5-69E81EE718D4}"=Svenskt kustlandskapstema för Windows XP

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}"=skin0001

"{53480330-E1D1-41CA-B8F8-7F78644F7F50}"=O&O Defrag Professional Edition

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1"=iolo technologies' System Mechanic

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79.1

"{5F9662B9-ED3F-4F02-9DEE-EFA1F95F629F}"=Paragon Drive Backup 8.51 Personal

"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA

"{61A22078-4610-11D3-95D5-00C04F684694}"=Microsoft Office-guiden Spara mina inställningar

"{639858DD-4966-40F3-A706-7C838BCF3A2B}"=MaxBlast 4

"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}"=Adobe Device Central CS4

"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}"=Norton Utilities

"{70592B0B-9860-446B-94B5-C7354F99FDEE}"=Visma Skatt 2008-2009

"{707D28BF-E145-4a9b-B97E-94FA586D05F3}"=Norton SystemWorks 2006 Basic Edition

"{75C1CAF9-75EA-4C62-A030-B2A0BB0240C3}"=Finländskt vintertema för Windows XP

"{77364F85-6219-4CB8-AAA0-6D53368D683D}"=Connection Keep Alive

"{77701BFD-3A86-34B0-A9EC-0D7440C6D8AF}"=Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC

"{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}"=WinXP Manager

"{7D7152AF-581B-316F-8CA4-15342C3EFA4B}"=Microsoft .NET Framework 3.5 Language Pack SP1 - sve

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1"=CDBurnerXP

"{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}"=Norton Security Scan

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4

"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}"=Norton Protection Center

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4

"{8943CE61-53BD-475E-90E1-A580869E98A2}"=staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8B229549-4D25-4433-BFD7-4EF727EF25D7}"=Svenskt vinterlandskapstema för Windows XP

"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini

"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}"=NSW_DRM_COLLECTION

"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui

"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}"=Dimension 4 v5.0

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL

"{9E23C48E-5483-4971-BA50-089F2FABCD66}"=Norton SystemWorks

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}"=Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2

"{AA8CF3BD-6717-3B70-83BF-377426410A66}"=Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE

"{AC76BA86-7AD7-1053-7B44-A90000000001}"=Adobe Reader 9 - Svenska

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}"=REALTEK GbE & FE Ethernet NIC Driver

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK

"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI

"{B2586CA8-0F12-11D3-8258-00C04F6843FE}"=Tillägget Microsoft Office 2000 Web Archive

"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4

"{CA31120D-2101-484D-9FF1-195DE96FE346}"=Norton Cleanup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw

"{CC9F419B-1E64-49BB-8A13-9608EBF985D7}"=PixVue

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}"=WinZip 11.2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1

"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}"=MSRedist

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR

"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}"=Creative Zen Vision M

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware

"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}"=ISO Recorder

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}"=tooltips

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}"=kgcbase

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK

"{F5F43BB3-9553-411B-AFA3-11ABB7472A8E}"=Svenskt skogslandskapstema för Windows XP

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"Absolute Uninstaller_is1"=Absolute Uninstaller 1.5

"AceMoney_is1"=AceMoney

"ActiveScan 2.0"=Panda ActiveScan 2.0

"Adobe AIR"=Adobe AIR

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"Adobe_acce07fd2c8fe7f9e3f26243e626578"=Adobe Dreamweaver CS4

"Alive Video Converter_is1"=Alive Video Converter (version 3.2.0.8)

"Alive WMA MP3 Recorder_is1"=Alive WMA MP3 Recorder v3.3.2.8

"Anti Tracks_is1"=Anti Tracks 6.9.4

"Ashampoo AntiSpyWare 2_is1"=Ashampoo AntiSpyWare 2.04

"Ashampoo Burning Studio 8_is1"=Ashampoo Burning Studio 8.04

"Ask Toolbar_is1"=Vuze Toolbar

"AstroDatabank 2.0"=AstroDatabank 2.0

"AtomTime Pro_is1"=AtomTime Pro 3.1d

"Backup Plus_is1"=Backup Plus v7.0

"CNXT_MODEM_PCI"=SoftV92 Data Fax Modem

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player

"Creative Removable Disk Manager"=Creative Removable Disk Manager

"Creative Software AutoUpdate"=Creative Software AutoUpdate

"D56C7EAB-BEE6-4D51-86CF-419FFC07FF11_is1"=iolo technologies' Search and Recover

"DAEMON Tools Toolbar"=DAEMON Tools Toolbar

"eMule"=eMule

"filehippo.com"=filehippo.com Update Checker

"GetRight_is1"=GetRight

"Hide IP Platinum_is1"=Hide IP Platinum 2.0

"HijackThis"=HijackThis 2.0.2

"hp deskjet 940c series"=hp deskjet 940c series (Remove only)

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ImageIze"=ImageIze

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager

"Kaleid95_1"=Kaleidoscope 95.1

"LiveUpdate"=LiveUpdate 2.7 (Symantec Corporation)

"MagicTweak_is1"=MagicTweak Version 4.11

"MailWasher Pro_is1"=MailWasher Pro

"Microangelo 98"=Microangelo 98

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.0 Swedish Language Pack"=Microsoft .NET Framework 3.0 Swedish Language Pack

"Microsoft .NET Framework 3.5 Language Pack SP1 - sve"=Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"Net iD"=Net iD 4.8

"NetPal"=Cookie Pal

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"NSSSetup.{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}"=Norton Security Scan (Symantec Corporation)

"Personal"=Personal 4.8.1

"RealPlayer 6.0"=RealPlayer

"Registry First Aid_is1"=Registry First Aid

"Registry Mechanic_is1"=Registry Mechanic 8.0

"Registry Washer_is1"=Registry Washer 3.8.1

"Rollback Rx"=Rollback Rx

"SendToX.PowerToy"=Send To Extensions PowerToy

"ShbGuide"=Handelsbanken Installationsguide

"ST5UNST #1"=Hälsovakten Plus

"SymSetup.{707D28BF-E145-4a9b-B97E-94FA586D05F3}"=Norton SystemWorks 2006 Basic Edition (Symantec Corporation)

"SysInfo"=Creative System Information

"Totalcmd"=Total Commander (Remove or Repair)

"Tweak UI 2.10"=Tweak UI

"What Is Transferring_is1"=What Is Transferring 1.0

"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display"=VIA/S3G Display Driver

"WIC"=Windows Imaging Component

"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinPatrol"=WinPatrol 2008

"WinRAR archiver"=WinRAR

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"Vuze"=Vuze

"WWW File Share Pro_is1"=WWW File Share Pro 5.30

"XP Codec Pack"=XP Codec Pack

"xplorer2p"=xplorer² professional

"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0

"Your Uninstaller! 2008_is1"=Your Uninstaller! 2008 Version 6.2

"ZENcast Organizer"=ZENcast Organizer

"ZoneAlarm Security Suite"=ZoneAlarm Security Suite

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-08-04 17:47:40 | Computer Name = AUD | Source = Application Error | ID = 1000

Description = Felaktigt program NOPDB.exe, version 19.0.0.8, felaktig modul ntdll.dll,

version 5.1.2600.5512, felaktig adress 0x0001b1fa.

 

Error - 2008-08-04 17:53:23 | Computer Name = AUD | Source = Application Error | ID = 1001

Description = Fel-bucket 789606670.

 

Error - 2008-08-05 12:36:54 | Computer Name = AUD | Source = Application Error | ID = 1000

Description = Felaktigt program outlook.exe, version 9.0.0.6604, felaktig modul

mso9.dll, version 9.0.0.6926, felaktig adress 0x000060cb.

 

Error - 2008-08-05 12:36:58 | Computer Name = AUD | Source = Application Error | ID = 1001

Description = Fel-bucket 29616168.

 

Error - 2008-08-17 18:27:21 | Computer Name = AUD | Source = Application Error | ID = 1000

Description = Felaktigt program wmplayer.exe, version 11.0.5721.5145, felaktig modul

wmp.dll, version 11.0.5721.5230, felaktig adress 0x0001051f.

 

Error - 2008-08-17 18:27:25 | Computer Name = AUD | Source = Application Error | ID = 1001

Description = Fel-bucket 489197885.

 

Error - 2008-09-17 14:53:38 | Computer Name = AUD | Source = Application Error | ID = 1000

Description = Felaktigt program ad-aware.exe, version 7.1.0.11, felaktig modul ad-aware.exe,

version 7.1.0.11, felaktig adress 0x0014b4ec.

 

Error - 2008-09-17 14:53:43 | Computer Name = AUD | Source = Application Error | ID = 1001

Description = Fel-bucket 931756807.

 

Error - 2008-09-20 06:43:38 | Computer Name = AUD | Source = Application Error | ID = 1000

Description = Felaktigt program easyshare.exe, version 7.0.25.114, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x00f53485.

 

Error - 2008-09-20 07:24:52 | Computer Name = AUD | Source = Application Error | ID = 1001

Description = Fel-bucket 935895595.

 

[ System Events ]

Error - 2008-12-26 14:53:02 | Computer Name = AUD | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten TrkWks.

 

Error - 2008-12-26 14:53:32 | Computer Name = AUD | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten ShellHWDetection.

 

Error - 2008-12-26 14:54:02 | Computer Name = AUD | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten dmserver.

 

Error - 2008-12-26 14:54:32 | Computer Name = AUD | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten Schedule.

 

Error - 2008-12-26 14:55:03 | Computer Name = AUD | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten TrkWks.

 

Error - 2008-12-26 14:57:18 | Computer Name = AUD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Norton UnErase Protection Driver kunde inte startas på grund

av följande fel: %%31

 

Error - 2008-12-27 05:37:02 | Computer Name = AUD | Source = Service Control Manager | ID = 7034

Description = Tjänsten PixVue avslutades oväntat. Detta har skett 1 gånger.

 

Error - 2008-12-27 05:37:16 | Computer Name = AUD | Source = Service Control Manager | ID = 7034

Description = Tjänsten iolo FileInfoList Service avslutades oväntat. Detta har skett

1 gånger.

 

Error - 2008-12-27 05:37:16 | Computer Name = AUD | Source = Service Control Manager | ID = 7034

Description = Tjänsten iolo System Service avslutades oväntat. Detta har skett 1

gånger.

 

Error - 2008-12-27 05:37:25 | Computer Name = AUD | Source = Service Control Manager | ID = 7034

Description = Tjänsten Dimension4 avslutades oväntat. Detta har skett 1 gånger.

 

 

< End of report >

 

[/log]

 


Okay, it's just that I only see the two firewall processes for ZoneAlarm, but if you say that the antivirus program is running, then fine.

 

From the description of Ashampoo AntiSpyWare 2 it sounds as though it includes the same kind of functions as WinPatrol, but perhaps that isn't right.

 

These are two processes that were running when you created the HijackThis log:

D:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\oodtray.exe

i.e. Norton SpeedDisk and OO Defrag.

 


Yes, it's true that Ashampoo Antispyware and WinPatrol have certain features in common - both alert you when a new program is added to autostart, for example, but essentially they do different jobs.

I have never noticed Norton Speed Disk and could easily do without it. Is that advisable??

 


Ask Toolbar (Vuze Toolbar) is not recommended, so uninstall it and delete the folder C:\Program\AskBarDis

 

Have you had Panda's antivirus program installed? There appears to be a Panda driver on the computer.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- C:\Program\DAEMON Tools Toolbar\DTToolbar.dll ()

Considered to be a malicious toolbar:

http://www.systemlookup.com/CLSID/29780-DTToolbar_dll.html

I would uninstall it.

 

There are several old Java versions with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java and J2SE entries except the latest in Control Panel - Add or Remove Programs (with no web browsers running).

 

[2008-12-27 09:28:20 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job

[2008-12-26 19:36:48 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job

RegCure is considered to be a malicious program; uninstall it if you haven't already done so, and delete the files above.

 

Download FileLook from one of these links:

http://jpshortstuff.247fixes.com/FileLook.exe

http://images.malwareremoval.com/jpshortstuff/FileLook.exe

 

Double-click the file to run it.

 

Copy all the lines in the box (use select code)

C:\windows\system32\casino1.ico

and paste them into the large text field in FileLook.

Press the FileLook button to start the search.

When it is finished, Notepad opens with a log, which you paste in here. If the log doesn't come up, it can be found as C:\FileLook.txt.
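The advice in the post above, to keep only the newest Java runtime, can be checked against an uninstall list in the `"key"=name` layout posted earlier in this thread. This Python code is an added example, not part of any post or of the tools used in the thread; the function names and the J2SE sample line with its all-zero key are assumptions made for illustration.

```python
import re

# Sample input. The three "Java 6" lines, QuickTime and HijackThis are copied
# from the uninstall list posted in this thread; the J2SE line is constructed
# (placeholder all-zero key) to show an older naming scheme as well.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"HijackThis"=HijackThis 2.0.2
"{00000000-0000-0000-0000-000000000000}"=J2SE Runtime Environment 5.0 Update 11
'''

# One uninstall entry per line: "registry key name"=display name
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+?)\s*$')

# Display names used by Sun Java runtimes of that era, e.g.
# "Java 6 Update 10", "Java(TM) 6 Update 7", "J2SE Runtime Environment 5.0 Update 11"
JAVA_RE = re.compile(
    r'^(?:Java(?:\(TM\))?|J2SE Runtime Environment)\s+'
    r'(?P<major>\d+(?:\.\d+)?)(?:\s+Update\s+(?P<update>\d+))?$',
    re.IGNORECASE,
)


def parse_uninstall_list(text):
    """Return (key, display_name) pairs; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_runtimes(entries):
    """Return the Java runtime entries, sorted from oldest to newest."""
    found = []
    for key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            # (5.0, 11) < (6.0, 5) < (6.0, 10): compare numerically, not as text
            version = (float(m.group("major")), int(m.group("update") or 0))
            found.append({"key": key, "name": name, "version": version})
    return sorted(found, key=lambda r: r["version"])


def stale_java(entries):
    """Return (newest_installed, older_runtimes_to_uninstall)."""
    runtimes = java_runtimes(entries)
    if not runtimes:
        return None, []
    return runtimes[-1], runtimes[:-1]


if __name__ == "__main__":
    newest, stale = stale_java(parse_uninstall_list(SAMPLE))
    print("Newest installed:", newest["name"] if newest else "none")
    for r in stale:
        print("Uninstall candidate:", r["name"], r["key"])
```

The newest installed runtime is not necessarily the current release, so it still has to be compared with the version offered on the vendor's download page.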

 


Yes, it's true that Ashampoo Antispyware and WinPatrol have certain features in common - both alert you when a new program is added to autostart, for example, but essentially they do different jobs.

I have never noticed Norton Speed Disk and could easily do without it. Is that advisable??

I haven't used any of the programs and can't judge how good they are in various respects, but it is normally not good to have two programs running that do the same thing, whether that is checking files like antivirus programs, monitoring registry entries or defragmenting, since it can often lead to strange problems.

 


FileLook.exe v2.0 by jpshortstuff

Log created at 13:55 on 27/12/2008

==================================

FileLook - "casino1.ico"

 

Unable to find file.

 

==============================

 

=EOF=

 

Otherwise I have done everything you suggested except for RegCure, which I have had the best experiences with for several years. The Panda driver is surely there from the couple of occasions when I ran Panda ActiveScan Online.

 

Finally, NSS still damn well stops at C:\windows\system32\casino1.ico!

Don't you think it is simply a bug in NSS?

 


http://www.mywot.com/sv/scorecard/regcure.com

 

Can you find casino1.ico? If so, right-click it and choose Properties. What is the date?

 

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure the following are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is finished, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If there is an error message "Error loading..." after the restart, restart the computer once more.

If the program doesn't start after the restart, start it yourself.

 

If the log doesn't come up by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


Thank you, Cecilia, for your impressive energy, but casino1.ico does not exist on my computer at all. I have googled casino1.ico and found at least 2 people, among others on Symantec's forum, who have exactly the same problem as I do with NSS and casino1.ico. Here are the logs anyway:

 

 

[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1554

Windows 5.1.2600 Service Pack 3

 

2008-12-27 17:05:09

mbam-log-2008-12-27 (17-05-09).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 51011

Förfluten tid: 4 minute(s), 8 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 1

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:09:24, on 2008-12-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

D:\Program\D4\D4.exe

C:\Program\iolo\common\lib\ioloServiceManager.exe

C:\Program\Java\jre6\bin\jqs.exe

d:\Program\CDBurnerXP\NMSAccessU.exe

D:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\oodag.exe

D:\Program\PixVue.Com\PixVue\bin\Daemon.exe

C:\Program\Shield\shdserv.exe

D:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Shield\shieldclnt.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\oodtray.exe

C:\WINDOWS\system32\iid.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

D:\Program\D4\D4.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

D:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

C:\WINDOWS\System32\SCardSvr.exe

D:\Program\Logitech\MouseWare\system\em_exec.exe

D:\Program\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program\Creative\MediaSource\Detector\CTDetect.exe

C:\Program\Shield\shieldtray.exe

D:\Program\Anti Tracks\AntiTracks.exe

D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

D:\Program\AtomTime Pro\AtomTime.EXE

D:\Program\zabkat\xplorer2\xplorer2_UC.exe

D:\Program\MailWasher Pro\MailWasher.exe

D:\Program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

C:\Program\Outlook Express\msimn.exe

D:\Program\Microsoft Office\Office\OUTLOOK.EXE

C:\Program\Personal\bin\Personal.exe

D:\Program\Skärmsläckarkontroll\SSSwitch.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

D:\Program\Microsoft Office\Office\WINWORD.EXE

D:\Program\HiT\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.leta.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - D:\Program\PixVue.Com\PixVue\bin\PixVue.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [Dimension4] D:\Program\D4\D4.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [WinPatrol] D:\Program\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [bCROReminder] C:\Program\ByteCrusher\RegistryOptimax\BCRO.exe -rem

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Norton Protection Status] D:\Program\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O4 - HKCU\..\Run: [shield Tray] C:\Program\Shield\shieldtray.exe

O4 - HKCU\..\Run: [AntiTracks] D:\Program\Anti Tracks\AntiTracks.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AtomTime Pro.lnk = D:\Program\AtomTime Pro\AtomTime.EXE

O4 - Startup: Filhanteraren.lnk = D:\Program\zabkat\xplorer2\xplorer2_UC.exe

O4 - Startup: MailWasherPro.lnk = D:\Program\MailWasher Pro\MailWasher.exe

O4 - Startup: Norton System Doctor.LNK = D:\Program\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE

O4 - Startup: Outlook Express.lnk = C:\Program\Outlook Express\msimn.exe

O4 - Startup: Outlook.lnk = ?

O4 - Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Startup: Skärmsläckarkontroll.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Port för Symantec Fax Starter Edition.lnk = D:\Program\Microsoft Office\Office\1053\OLFSNT40.EXE

O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - D:\Program\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: *.handelsbanken.se

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205417545546

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223471404077

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5327/mcfscan.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab

O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - d:\Program\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: CachemanXP (CachemanXPService) - Outertech - D:\Program\Cacheman\CachemanXP.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CLRSERV - Unknown owner - C:\Program\Shield\Drive image\CLRSERV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Dimension4 - Thinking Man Software - D:\Program\D4\D4.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Imapi Helper - Alex Feinman - D:\Program\SO Recorder\ImapiHelper.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program\iolo\common\lib\ioloServiceManager.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NMSAccessU - Unknown owner - d:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - D:\Program\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PixVue - PixVue.Com - D:\Program\PixVue.Com\PixVue\bin\Daemon.exe

O23 - Service: SHDSERV - Unknown owner - C:\Program\Shield\shdserv.exe

O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program\Shield\shieldclnt.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Program\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 12414 bytes

[/log]

 

Link to comment
Share on other sites

but casino1.ico does not exist at all on my computer.
You can't rely on that. If Norton finds the file, then it ought to exist.

Yes, I have also googled and found threads where MBAM had removed casino1.ico.

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

[log]Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press OK and later Y followed by Enter to continue.

It works for a while, and when it is done you are asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will start and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

If SDFix does not start automatically after the computer restarts, start Runthis.bat as before but press F instead of Y.

If the log does not come up automatically, open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the log into your reply here.[/log]

 

Link to comment
Share on other sites

Here comes a log once again (what energy you have!)

No casino in that text, I'm afraid... Bug in NSS?

 

[log]

SDFix: Version 1.240

Run by Jan G Romander on 2008-12-27 at 18:59

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

C:\WINDOWS

: 108

Total size: 108 bytes.

WINDOWS: Åtkomst nekad.

 

Checking for remaining Streams

 

C:\WINDOWS

: 108

Total size: 108 bytes.

 

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-27 19:07:51

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

disk error: C:\WINDOWS\system32\config\system, 0

scanning hidden registry entries ...

 

disk error: C:\WINDOWS\system32\config\software, 0

disk error: C:\Documents and Settings\Jan G Romander\ntuser.dat, 0

scanning hidden files ...

 

disk error: C:\WINDOWS\

 

please note that you need administrator rights to perform deep scan

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\\Program\\Microsoft Office\\Office\\1053\\WFXMSRVR.EXE"="D:\\Program\\Microsoft Office\\Office\\1053\\WFXMSRVR.EXE:*:Enabled:WFXMSRVR"

"D:\\Program\\D4\\D4.exe"="D:\\Program\\D4\\D4.exe:*:Enabled:Dimension 4"

"C:\\Program\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"

"C:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Fri 3 Nov 2006 108 A.SHR --- "C:\WINDOWS\neoqaz2.dll"

Thu 3 Jul 2008 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

 

Finished!

 

[/log]

 

Link to comment
Share on other sites

The problem is that NSS actually does NOT find the file (for the simple reason that it doesn't exist?), which is presumably why the process stalls..

 

Link to comment
Share on other sites

A biiig thank you to Cecilia for the interest shown and the impressive energy; some junk did get cleaned out after all, along with some downloaded programs that can surely come in handy in other contexts. Thanks Cecilia!

 

Link to comment
Share on other sites

ADS Check :

 

C:\WINDOWS

: 108

Total size: 108 bytes.

WINDOWS: Åtkomst nekad.

 

The above is fishy, as is the following:

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

You do have an administrator account, don't you?

 

Fri 3 Nov 2006 108 A.SHR --- "C:\WINDOWS\neoqaz2.dll"

Do you have, or have you had, a program called pic2icon?

 

Link to comment
Share on other sites

I have administrator rights but could log in as the pure administrator if that makes any difference....

I am not aware of ever having had a program named pic2icon.

To be on the safe side, I searched all files on the system disk (C:) for files containing pic2icon as a word or phrase in the file, with no result.

 

Link to comment
Share on other sites

I have administrator rights but could log in as the pure administrator if that makes any difference....
Try it

 

Fri 3 Nov 2006 108 A.SHR --- "C:\WINDOWS\neoqaz2.dll"

Right-click the file and choose Properties. Is there anything on any tab there that can tie it to a product or company?

 

Link to comment
Share on other sites

neoqaz2.dll (108 B) carries registration information for xplorer2 (a file manager). If you remove it, you have to enter the registration key again.

I ran SDFix as administrator, which took only a few minutes, restarted and waited about 45 min with a black screen before I interrupted this process (by force). After that the computer could not start at all, and only with the help of Rollback could I rewind to about an hour before I ran SDFix, so no harm done. But I think I will settle for this. In any case, I think NSS has a bug.

 

Link to comment
Share on other sites

It was a pity that it turned out that way with SDFix, and you of course have the right to stop further searching, but there is something fishy about the computer, because the logs coming out are not normal.

Here you can read my usual advice for a safer computer, but it is of course important to use your common sense as well.

http://ceblstockholm.googlepages.com/home

 

 

Link to comment
Share on other sites

Thanks for the tip, but tomorrow I'm leaving the computer since I'm going home to the city, so I won't see this computer again until perhaps February. It will be interesting to see whether the Stockholm computer has the same problem with NSS.

Thanks anyway!

The Stockholm computer got through NSS without any problem with casino1.ico, so there may be something in what you say about there being something fishy with the computer in the countryside. I'll have to troubleshoot this further next time I get there.

[post edited 2008-12-29 01:54:43 by Jiger]

[post edited 2008-12-29 23:20:35 by Jiger]

Link to comment
Share on other sites

  • 1 month later...

Hi again,

I am back at the computer in question and would like to go another round with this. I have made the following observations: NSS can be run as a full scan WITHOUT PROBLEMS in safe mode. It found some well-known cookies, which I removed but which will probably return quickly...

If I run NSS in normal mode - the same hang at system32/casino1.ico

Incidentally, NSS looks for, among other things, specific files; for example, it took a long time searching for system32/amvo.exe and windows\temp\e-card.exe, but it moves on after a while when it finds nothing, except in the case of casino1.ico. But as I said, in safe mode it does not hang but searches the whole computer completely without problems.

Malwarebytes Anti-malware has not found anything suspect. Lavasoft Anniversary Edition also could not run in normal mode without hanging (at a location other than system32) and found a serious problem related to SDFix, which it was then allowed to remove when it was run in safe mode.

What to do now? HijackThis? Cecilia?

Regards

 

Link to comment
Share on other sites

I hope you have updated MBAM, because it is now up to version 1.34 compared with 1.31, which was current on 27 December.

system32/amvo.exe is normally a malicious file, and e-card.exe also sounds like something malicious that comes with spam e-mail.

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished, a log should come up; attach it to your reply. Check that the antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.[/log]

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and protect it against infections in the future. This can cause problems, for example if the computer gets its internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.