Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Bokaj

Pages: [1] 2
1
Tech Clinic / A worm or trojan?
« on: October 27, 2008, 08:13:36 AM »
[quote name=\'guestolo\' post=\'445445\' date=\'Oct 27 2008, 03:40 PM\']Just to be on the safe side
Clear Cache in Java
Open the Windows Control panel and double click on the Java icon
Click "Settings" under Temporary Internet Files
Then click "Delete Files" >>"OK"

You can OK out of there afterwards[/quote]

Thank you so much!

Best regards,

Bokaj!

2
Tech Clinic / A worm or trojan?
« on: October 27, 2008, 03:05:48 AM »
[quote name=\'guestolo\' post=\'445381\' date=\'Oct 27 2008, 02:43 AM\']Your log looks ok
Any indication what folder Norton's found the Worm/trojan?[/quote]

Hi Guestolo!

Thanks for your quick reply, and it was with great relief I read it:-)

Anyways here is the Norton info about the Trojan:

Kilde(source): OP.class
Beskrivelse(description): (The compressed file) Den komprimerte filen OP.class i C:\Documents and Settings\Bruker\Programdata\Sun\Java\Deployment\cache\6.0\1\4d256081-3c2c6a38 (is infected with the
virus) er infisert med viruset Trojan.ByteVerify.

In the Norton log, it says that it was able to delete the file.

If everything is ok, then I'm a happy man.

Bokaj.

3
Tech Clinic / A worm or trojan?
« on: October 26, 2008, 05:41:33 PM »
Hi!

My Norton 2004 recently discovered a worm during a scan. It said that it was able to delete it,
but I don't trust that software 100%. Perhaps I'm wrong, but it would be great to be on the safe side.

If someone could please take a look at this logfile from HJT, I would be very happy.

Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17, on 2008-10-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8904 bytes

4
Tech Clinic / Need some help - my PC is shutting down
« on: June 17, 2008, 12:19:25 PM »
Everything is uninstalled and installed  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Should I uninstall Lavasofts Ad Aware SE and Spybot when I use SpywareBlaster?

Thanks for everything. The PC hasn't shut down since you started giving me
first aid. Great work!

Best regard's
Bokaj

5
Tech Clinic / Need some help - my PC is shutting down
« on: June 17, 2008, 04:11:26 AM »
Good morning!

I don't know that file...sorry. Here's the link to Virustotal.

http://www.virustotal.com/analisis/a6943fc...e33c2b86bce0ad4


Here's the uninstall list from HJT:

ACDSee
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe After Effects 7.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 2.0
Adobe Premiere Pro
Adobe Reader 6.0.1 - Norsk
Adobe Stock Photos 1.0
Adobe Type Manager Deluxe 4.1
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CC_ccStart
ccCommon
CCleaner (remove only)
CleanUp!
Core FTP LE 1.3c
Creative Jukebox Driver
Creative MediaSource
HijackThis 2.0.2
HP Deskjet Preloaded Printer Drivers
HP Software Update
Image Grabber II
Indeo® XP Software
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(tm) 6 Update 2
Java(tm) 6 Update 3
Java(tm) 6 Update 5
Java(tm) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 1.56
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Maxtor OneTouch
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Norwegian Language Pack
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.14)
MSN-verktøylinjen
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MyFonts Order M729227
Nokia Connectivity Cable Driver
Nokia PC Suite
NOMAD Explorer
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB896727)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB911280)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922582)
Oppdatering for Windows XP (KB927891)
Oppdatering for Windows XP (KB929338)
Oppdatering for Windows XP (KB930916)
Oppdatering for Windows XP (KB931836)
Oppdatering for Windows XP (KB933360)
Oppdatering for Windows XP (KB936357)
Oppdatering for Windows XP (KB938828)
Oppdatering for Windows XP (KB942763)
Oppdatering for Windows XP (KB942840)
Oppdatering for Windows XP (KB946627)
PC Connectivity Solution
Pegasus Imaging's PICVideo 3
Photosmart 140,240,7200,7600,7700,7900 Series
QuickTime
QuickTime Alternative 1.81
RecordNow!
Sikkerhetsoppdatering for Windows Media Player (KB911564)  
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows Media Player 9 (KB911565)
Sikkerhetsoppdatering for Windows Media Player 9 (KB917734)
Sikkerhetsoppdatering for Windows Media Player 9 (KB936782)
Sikkerhetsoppdatering for Windows XP (KB883939)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896422)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896424)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB896688)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899588)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB903235)
Sikkerhetsoppdatering for Windows XP (KB904706)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB905915)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB908531)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911567)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB912812)
Sikkerhetsoppdatering for Windows XP (KB912919)
Sikkerhetsoppdatering for Windows XP (KB913446)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB916281)
Sikkerhetsoppdatering for Windows XP (KB917159)
Sikkerhetsoppdatering for Windows XP (KB917344)
Sikkerhetsoppdatering for Windows XP (KB917422)
Sikkerhetsoppdatering for Windows XP (KB917953)
Sikkerhetsoppdatering for Windows XP (KB918118)
Sikkerhetsoppdatering for Windows XP (KB918439)
Sikkerhetsoppdatering for Windows XP (KB918899)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920213)
Sikkerhetsoppdatering for Windows XP (KB920214)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB921398)
Sikkerhetsoppdatering for Windows XP (KB921503)
Sikkerhetsoppdatering for Windows XP (KB921883)
Sikkerhetsoppdatering for Windows XP (KB922616)
Sikkerhetsoppdatering for Windows XP (KB922760)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB923689)
Sikkerhetsoppdatering for Windows XP (KB923694)
Sikkerhetsoppdatering for Windows XP (KB923980)
Sikkerhetsoppdatering for Windows XP (KB924191)
Sikkerhetsoppdatering for Windows XP (KB924270)
Sikkerhetsoppdatering for Windows XP (KB924496)
Sikkerhetsoppdatering for Windows XP (KB924667)
Sikkerhetsoppdatering for Windows XP (KB925454)
Sikkerhetsoppdatering for Windows XP (KB925486)
Sikkerhetsoppdatering for Windows XP (KB925902)
Sikkerhetsoppdatering for Windows XP (KB926255)
Sikkerhetsoppdatering for Windows XP (KB926436)
Sikkerhetsoppdatering for Windows XP (KB927779)
Sikkerhetsoppdatering for Windows XP (KB927802)
Sikkerhetsoppdatering for Windows XP (KB928090)
Sikkerhetsoppdatering for Windows XP (KB928255)
Sikkerhetsoppdatering for Windows XP (KB928843)
Sikkerhetsoppdatering for Windows XP (KB929123)
Sikkerhetsoppdatering for Windows XP (KB929969)
Sikkerhetsoppdatering for Windows XP (KB930178)
Sikkerhetsoppdatering for Windows XP (KB931261)
Sikkerhetsoppdatering for Windows XP (KB931768)
Sikkerhetsoppdatering for Windows XP (KB931784)
Sikkerhetsoppdatering for Windows XP (KB932168)
Sikkerhetsoppdatering for Windows XP (KB933566)
Sikkerhetsoppdatering for Windows XP (KB933729)
Sikkerhetsoppdatering for Windows XP (KB935839)
Sikkerhetsoppdatering for Windows XP (KB935840)
Sikkerhetsoppdatering for Windows XP (KB936021)
Sikkerhetsoppdatering for Windows XP (KB937143)
Sikkerhetsoppdatering for Windows XP (KB938127)
Sikkerhetsoppdatering for Windows XP (KB938829)
Sikkerhetsoppdatering for Windows XP (KB939653)
Sikkerhetsoppdatering for Windows XP (KB941202)
Sikkerhetsoppdatering for Windows XP (KB941568)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB941644)
Sikkerhetsoppdatering for Windows XP (KB941693)
Sikkerhetsoppdatering for Windows XP (KB942615)
Sikkerhetsoppdatering for Windows XP (KB943055)
Sikkerhetsoppdatering for Windows XP (KB943460)
Sikkerhetsoppdatering for Windows XP (KB943485)
Sikkerhetsoppdatering for Windows XP (KB944338)
Sikkerhetsoppdatering for Windows XP (KB944533)
Sikkerhetsoppdatering for Windows XP (KB944653)
Sikkerhetsoppdatering for Windows XP (KB945553)
Sikkerhetsoppdatering for Windows XP (KB946026)
Sikkerhetsoppdatering for Windows XP (KB947864)
Sikkerhetsoppdatering for Windows XP (KB948590)
Sikkerhetsoppdatering for Windows XP (KB948881)
Sikkerhetsoppdatering for Windows XP (KB950749)
Sikkerhetsoppdatering for Windows XP (KB950759)
Sikkerhetsoppdatering for Windows XP (KB950760)
Sikkerhetsoppdatering for Windows XP (KB950762)
Sikkerhetsoppdatering for Windows XP (KB951376)
Sikkerhetsoppdatering for Windows XP (KB951698)
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
Sony Sound Forge 7.0
SoulSeek Client 156c
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stickies 5.2a
Symantec Script Blocking Installer
Symantec Technical Support Web Controls
SymNet
Synaptics Pointing Device Driver
Syncrosoft's License Control
USB Storage Adapter FX (MXO)
Voxware Audio decoder 1.6
VUPlayer
Winamp (remove only)
Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem  (11/03/2006 6.82.0.1)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP hurtigreparasjon - KB873333    
Windows XP hurtigreparasjon - KB873339
Windows XP hurtigreparasjon - KB885250
Windows XP hurtigreparasjon - KB885835
Windows XP hurtigreparasjon - KB885836
Windows XP hurtigreparasjon - KB886185
Windows XP hurtigreparasjon - KB887472
Windows XP hurtigreparasjon - KB887742
Windows XP hurtigreparasjon - KB888113
Windows XP hurtigreparasjon - KB888302
Windows XP hurtigreparasjon - KB890175
Windows XP hurtigreparasjon - KB890859
Windows XP hurtigreparasjon - KB890923
Windows XP hurtigreparasjon - KB891781
Windows XP hurtigreparasjon - KB893066
Windows XP hurtigreparasjon - KB893086
WinRAR archiver
Xerox Support Centre
Xvid 1.1.2 final uninstall
YV12 QuickTime Codec

Do you know if I can uninstall some of the old updates, or do everything need to be there?

Bokaj.

6
Tech Clinic / Need some help - my PC is shutting down
« on: June 16, 2008, 04:30:02 PM »
Hi again!

I could boot into both safemode and safemode with Network without any problems.

Here's the DSS log:

Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 23:34:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=\"red\"]System Drive C: has 5.92 GiB (less than 15%) free.[/color]


-- HijackThis (run as Bruker.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8758 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-10 12:20:02         0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28   1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31         0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52    208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50    119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50      9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50    141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46     32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45         0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11   5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >


-- Find3M Report ---------------------------------------------------------------

2008-06-16 23:29:55         0 d-------- C:\Programfiler\Fellesfiler
2008-06-16 13:00:27         0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20         0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45         0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03         0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14         0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51         0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53      2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45    691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51    387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51     61698 --a------ C:\WINDOWS\system32\perfc014.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)




-- End of Deckard's System Scanner: finished at 2008-06-16 23:34:58 ------------

And the log from OTMoveit2:

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d\\ deleted successfully.
< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d >
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d\\ deleted successfully.
C:\Documents and Settings\Bruker\DoctorWeb\Quarantine moved successfully.
C:\Documents and Settings\Bruker\DoctorWeb moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_231904


Thanks Guestolo!

Best wishes,
Bokaj.

7
Tech Clinic / Need some help - my PC is shutting down
« on: June 16, 2008, 03:54:56 AM »
The link is still dead, so I made the .bat file instead, and didn't run the DSS scan.

Heres the export.txt log:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SYMTDI]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"


Thank you - the Jedi night of malware fighting  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Bokaj

8
Tech Clinic / Need some help - my PC is shutting down
« on: June 16, 2008, 03:43:41 AM »
Thanks! You are one of a kind Guestolo!

That solved the issue with Norton.

[quote name=\'guestolo\' post=\'431853\' date=\'Jun 16 2008, 12:24 AM\']That's looking better


Nope, never experienced it, but I don't use Norton's anymore
2 options, your version of Norton's is outdated, we can replace it with a free version of another AV that will update
Or try the following link and let me know if it resolves your problems please

http://service4.symantec.com/SUPPORT/nav.n...000030608314206[/quote]

9
Tech Clinic / Need some help - my PC is shutting down
« on: June 15, 2008, 05:19:18 PM »
And here's the DSS log.
I only got the main.txt log, nothing called extra.txt was minimized.

Deckard's System Scanner v20071014.68
Run by Bruker on 2008-06-16 00:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=\"red\"]System Drive C: has 4.49 GiB (less than 15%) free.[/color]


-- HijackThis (run as Bruker.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8637 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-15 23:48:41     53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-12 17:19:30         0 d-------- C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 12:52:40     68096 --a------ C:\WINDOWS\zip.exe
2008-06-12 12:52:40     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-12 12:52:40    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-12 12:52:40    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-12 12:52:40    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-12 12:52:40     98816 --a------ C:\WINDOWS\sed.exe
2008-06-12 12:52:40     80412 --a------ C:\WINDOWS\grep.exe
2008-06-12 12:52:40     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 12:20:02         0 d-------- C:\Programfiler\OKI driver
2008-06-10 11:42:28   1090560 --a------ C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-01 13:06:31         0 dr-h----- C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25:52    208896 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
2008-06-01 12:25:51    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 12:25:50    119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-06-01 12:25:50      9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-06-01 12:25:50    141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-06-01 12:25:46     32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-06-01 12:25:45         0 d-------- C:\Programfiler\Free FLV Converter
2008-06-01 12:24:11   5164815 --a------ C:\Programfiler\Setup_FreeFlvConverterN.exe <Not Verified; Koyote Soft; >


-- Find3M Report ---------------------------------------------------------------

2008-06-15 23:51:26         0 d-------- C:\Programfiler\Fellesfiler
2008-06-12 14:45:35         0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 11:30:20         0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 22:46:45         0 d-------- C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 23:19:03         0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-02 16:16:14         0 d-------- C:\Programfiler\Java
2008-04-27 16:57:51         0 d-------- C:\Documents and Settings\Bruker\Programdata\Adobe
2008-04-06 10:27:35       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-03 23:37:53      2553 --a------ C:\WINDOWS\unins000.dat
2008-04-03 23:34:45    691545 --a------ C:\WINDOWS\unins000.exe
2008-03-31 16:28:51    387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51     61698 --a------ C:\WINDOWS\system32\perfc014.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-16 00:05:07 ------------

Hope this helps.?

Thank you,
Bokaj.

10
Tech Clinic / Need some help - my PC is shutting down
« on: June 15, 2008, 05:17:18 PM »
Hi Guestolo!

Thanks for the new advice and guidance.
Here's the log from ComboFix, it's was found inside the C:/Combofix (folder)


ComboFix 08-06-15.2 - Bruker 2008-06-15 23:45:22.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.646 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\.5796532d
C:\WINDOWS\system32\.5796532d\5796532d.Aff.config
C:\WINDOWS\system32\.5796532d\5796532d.BR.config
C:\WINDOWS\system32\.5796532d\5796532d.core.dll
C:\WINDOWS\system32\.5796532d\5796532d.GR.config
C:\WINDOWS\system32\.5796532d\5796532d.Rdr.config
C:\WINDOWS\system32\.5796532d\5796532d.ServerPlugin.config
.
---- Previous Run -------
.
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_5796532D


(((((((((((((((((((((((((   Files Created from 2008-05-15 to 2008-06-15  )))))))))))))))))))))))))))))))
.

2008-06-12 17:19 . 2008-06-12 17:21   <DIR>   d--------   C:\Documents and Settings\Bruker\DoctorWeb
2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-15 23:51   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-15 23:42   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-15 21:51:02   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5796532d]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Symantec\\LiveUpdate\\LUALL.EXE"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 18:04:53 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"


Best regard's
Bokaj

11
Tech Clinic / Need some help - my PC is shutting down
« on: June 13, 2008, 07:26:15 AM »
[quote name=\'guestolo\' post=\'431404\' date=\'Jun 12 2008, 04:06 PM\']You cut off the bottom part of that combofix log
Can you post anything below the following lines
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"

Remember, the default location of the log is at C:\ComboFix.txt[/quote]


Hi again Guestolo, sorry for my late reply.

There is actually nothing below that line in the ComboFix document. It ends there...
I followed your instructions very carefully, but perhaps I did something wrong.?

Dr.Web actually took away the ComboFix software...

This is from Dr.Web log (also see attached image from Excel):

psexesvc.exe;c:\windows;Program.PsExec.170;Moved.;
5796532d.exe;c:\windows\system32\.5796532d;Trojan.Virtumod.based.14;Urensbar.Flyttet.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Bruker\Skrivebord;Archive contains infected objects;Moved.;
A0021991.dll;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP52;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023063.EXE;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP53;Program.PsExec.170;Moved.;
A0023132.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Trojan.Virtumod.based.14;Incurable.Moved.;
A0023133.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54\A0023133.exe;Program.PsExec.171;;
A0023133.exe;C:\System Volume Information\_restore{41E741EB-AF3A-429F-A308-7C932868B485}\RP54;Archive contains infected objects;Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Invalid path to file ;

[attachment=4578:Dr.Web_log.JPG]


AND HERE'S THE FRESH HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8777 bytes

Things seems to be running a little smoother. The PC hasn't crashed since you started giving me
some first aid. But according to the Dr.Web my PC is infected with some Trojans.

But there's a problem with Norton Anti Virus 2004. The Live Update won't work. I just don't give me
the latest updates. When I push Live Update, it connects to the server, and the taskbar says everything
is good, but after I close Live Update - Norton says that my virus definitions are old and not updated.
I've tried to search on Symantec's pages, but haven't found any answers. Have you ever experienced
this problem?

Best wishes,
Bokaj

12
Tech Clinic / Need some help - my PC is shutting down
« on: June 12, 2008, 09:54:45 AM »
Hi again, and thanks for instructions and help!

Here's the fresh CF log:


ComboFix 08-06-10.5 - Bruker 2008-06-12 16:45:29.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.617 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\.5796532d . . . . failed to delete

.
(((((((((((((((((((((((((   Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 16:54   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 16:40   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:45   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-12 14:51:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"

13
Tech Clinic / Need some help - my PC is shutting down
« on: June 12, 2008, 08:31:38 AM »
Thanks for your quick reply!

Here's the permalink for C:\WINDOWS\system32\.5796532d\5796532d.exe

http://www.virustotal.com/analisis/994acbf...22b28f2bcc250ce

And the rest of text:

MD5: 6b2b5518ce11ab321cd5be83d25d0ac7
First received: 04.28.2008 02:02:51 (CET)
Date: 04.28.2008 02:02:51 (CET) [>45D]
Results: 15/32
Permalink: analisis/994acbf286634da3e22b28f2bcc250ce

Here's the other one - C:\WINDOWS\system32\.5796532d\5796532d.core.dll

Permalink: http://www.virustotal.com/analisis/c82a57b...d5a49e60074793b

And rest of the text:

MD5: b7d3d542706d6dc18f48c065ea606d74
First received: 05.30.2008 11:25:11 (CET)
Date: 05.30.2008 11:25:13 (CET) [>13D]
Results: 8/32
Permalink: analisis/c82a57b06dffc1071d5a49e60074793b


Best wishes,
Bokaj

14
Tech Clinic / Need some help - my PC is shutting down
« on: June 12, 2008, 06:30:37 AM »
Hi again Guestolo! Thank you for the help!

I've done the ComboFix scan, here's the log:

ComboFix 08-06-10.5 - Bruker 2008-06-12 13:23:48.2 - NTFSx86
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gjest\Lokale innstillinger\Programdata\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\kblcmchw.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-12 to 2008-06-12  )))))))))))))))))))))))))))))))
.

2008-06-12 03:04 . 2008-06-12 03:04   127   --a------   C:\WINDOWS\system32\MRT.INI
2008-06-12 03:01 . 2008-06-12 03:02   1,374   --a------   C:\WINDOWS\imsins.BAK
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:20 . 2008-04-14 17:54   272,256   ---------   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 12:20 . 2008-06-10 12:20   <DIR>   d--------   C:\Programfiler\OKI driver
2008-06-10 11:42 . 2008-06-10 11:42   1,090,560   --a------   C:\Programfiler\w2kpcl6ES3640mfp.exe
2008-06-04 00:47 . 2008-06-12 13:20   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-06-04 00:47 . 2008-06-04 00:47   1,409   --a------   C:\WINDOWS\QTFont.for
2008-06-01 13:06 . 2008-06-12 12:35   <DIR>   dr-h-----   C:\Documents and Settings\Bruker\Siste
2008-06-01 12:25 . 2008-06-01 13:04   <DIR>   d--------   C:\Programfiler\Free FLV Converter
2008-06-01 12:25 . 2007-06-19 01:22   364,544   --a------   C:\WINDOWS\system32\PropertyGrid.ocx
2008-06-01 12:25 . 2008-05-15 11:30   208,896   --a------   C:\WINDOWS\system32\TubeFinder.exe
2008-06-01 12:25 . 2005-10-13 15:42   208,500   --a------   C:\WINDOWS\system32\ReyXpBasics.tlb
2008-06-01 12:25 . 1998-07-13 01:00   141,312   --a------   C:\WINDOWS\system32\MSCMCFR.DLL
2008-06-01 12:25 . 2000-10-01 21:00   119,568   --a------   C:\WINDOWS\system32\VB6FR.DLL
2008-06-01 12:25 . 2000-07-15 07:00   101,888   --a------   C:\WINDOWS\system32\VB6STKIT.DLL
2008-06-01 12:25 . 2004-03-09 02:00   84,512   --a------   C:\WINDOWS\system32\PICCLP32.OCX
2008-06-01 12:25 . 1998-07-12 21:00   32,768   --a------   C:\WINDOWS\system32\CMDLGFR.DLL
2008-06-01 12:25 . 2005-09-28 03:31   24,576   --a------   C:\WINDOWS\system32\ControlSubX.ocx
2008-06-01 12:25 . 1998-07-13 02:00   9,728   --a------   C:\WINDOWS\system32\PCCLPFR.DLL
2008-06-01 12:24 . 2008-06-01 12:24   5,164,815   --a------   C:\Programfiler\Setup_FreeFlvConverterN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 01:10   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-06-11 09:30   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-06-03 20:46   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\U3
2008-05-19 21:19   ---------   d-----w   C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28   202,752   ------w   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16   1,290,752   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16   1,290,752   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 14:16   ---------   d-----w   C:\Programfiler\Java
2008-04-17 10:52   18,432   ------w   C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-03 21:34   691,545   ----a-w   C:\WINDOWS\unins000.exe
2008-03-25 04:51   621,344   ----a-w   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51   621,344   ------w   C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51   166,688   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51   166,688   ------w   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:11   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-20 08:11   1,845,248   ------w   C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-21 13:43   11,768,139   ----a-w   C:\Programfiler\blender-2.45-windows.zip
2007-05-07 16:35   12,934,148   ----a-w   C:\Programfiler\quicktimealt181.exe
2007-02-27 17:20   1,230,520   ----a-w   C:\Programfiler\Install_FastSend_Plug-in_3.exe
2006-12-05 12:58   382,431   ----a-w   C:\Programfiler\MPEG_Streamclip_1[1].0.zip
2006-11-03 13:49   643,144   ----a-w   C:\Programfiler\XviD-1.1.2-01112006.exe
2006-08-10 16:06   33,462,508   ----a-w   C:\Programfiler\klmcodec156.exe
2006-03-13 14:33   31,488   ----a-w   C:\Programfiler\unins000.dat
2006-03-13 14:32   689,497   ----a-w   C:\Programfiler\unins000.exe
2006-03-13 14:27   3,971,184   ----a-w   C:\Programfiler\rminstall.exe
2005-11-28 02:48   610,831   ----a-w   C:\Programfiler\stickies.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-12_13.10.39.53   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-12 11:02:13   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-12 11:19:22   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 17:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-03-01 14:05 200766]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 22:10 335872]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 19:15 98304]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 19:15 536576]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 21:03 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:58 483328]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-30 17:06 71304]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-06-23 20:46 100056]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [ ]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09 118784]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [2007-12-11 11:56 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]
"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 13:50:38 113664]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [2005-05-29 21:37:09 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kblcmchw]
kblcmchw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Soulseek\\slsk.exe"=
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Programfiler\\CoreFTP\\coreftp.exe"=
"C:\\Programfiler\\stickies\\stickies.exe"=
"C:\\Programfiler\\uTorrent\\utorrent.exe"=
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2004-03-18 03:20]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 05:46]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 10:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:34:22 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exec/task:
"2008-06-12 08:15:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 13:27:34
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

C:\WINDOWS\system32\.5796532d\5796532d.exe [2012] 0x862D0DA0

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????7?8?0?9??????? ???B???????????????B????????

scanning hidden files ...


C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp2F3.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp44.tmp.5796532d.tmp 249856 bytes executable
C:\DOCUME~1\Bruker\LOKALE~1\Temp\tmp1BAB.tmp.5796532d.tmp 249856 bytes executable
C:\WINDOWS\system32\.5796532d

scan completed successfully
hidden files: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\5796532d]
"ImagePath"="C:\WINDOWS\system32\.5796532d\5796532d.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\.5796532d\5796532d.core.dll
.
Completion time: 2008-06-12 13:30:44
ComboFix-quarantined-files.txt  2008-06-12 11:30:30

Pre-Run: 3,709,607,936 byte ledig
Post-Run: 3,699,453,952 byte ledig

171   --- E O F ---   2008-06-12 01:04:59


AND HERE'S THE FRESH HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:23, on 12.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - kblcmchw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8689 bytes


That's it.

Thanks,
Bokaj

15
Tech Clinic / Need some help - my PC is shutting down
« on: June 11, 2008, 02:47:11 PM »
Hi Guestolo!

Thank you for the help!

Here's my HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:32, on 11.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norton AntiVirus\OPScan.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O20 - Winlogon Notify: kblcmchw - C:\WINDOWS\SYSTEM32\kblcmchw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8907 bytes

--------
That's it.

Best regard's
Bokaj.


[quote name=\'guestolo\' post=\'431138\' date=\'Jun 11 2008, 02:34 PM\']Hi Bokaj,

Can you do the following for me please
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open
Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important![/quote]

16
Tech Clinic / Need some help - my PC is shutting down
« on: June 11, 2008, 06:07:30 AM »
Hi!

My PC is shutting down all the time. It says it has a critical error and will close
within 60 seconds. It happens a lot. And also my Windows Security Center is
sending all these messages. See my attached images.

After a crash the Windows Security Center asks me to use Ultimate Fixer, but when
I press install - nothing happens.

It all happened after I went into a site that required some sort of QT codec/ application
to view its content. So I installed it - and from that point my PC has been extremely
unstable. I don't think it's a virus, but more of a registry fault or something...
But then again, I'm no Tech Guru...

It would be really great if some of you guys could take a look at the enclosed images
and send me a tip or two on how to get my system back on track.

Thanks for your time,

Bokaj

17
Tech Clinic / PC running slow
« on: April 02, 2008, 04:18:39 PM »
[quote name=\'guestolo\' post=\'425523\' date=\'Mar 31 2008, 06:45 PM\']Nothing bad popping out at me
But as a double check
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt[/quote]


Hi Guestolo!
Thanks for your time and expertize.
Here's the Main.txt from Deckard's:

Deckard's System Scanner v20071014.68
Run by Bruker on 2008-04-02 22:52:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-02 20:52:18 UTC - RP1 - Kontrollpunkt for system


Backed up registry hives.
Performed disk cleanup.

[color=\"red\"]System Drive C: has 5.43 GiB (less than 15%) free.[/color]


-- HijackThis (run as Bruker.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:45, on 02.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Bruker\Skrivebord\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bruker.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-2530659468-2300780927-2459591391-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gjest')
O4 - HKUS\S-1-5-21-2530659468-2300780927-2459591391-501\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime (User 'Gjest')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8565 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 k750bus (Sony Ericsson 750 driver (WDM)) - c:\windows\system32\drivers\k750bus.sys (file missing)
S3 k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - c:\windows\system32\drivers\k750mdfl.sys (file missing)
S3 k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - c:\windows\system32\drivers\k750mdm.sys (file missing)
S3 k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - c:\windows\system32\drivers\k750mgmt.sys (file missing)
S3 k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\k750obex.sys (file missing)
S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; Syncrosoft GmbH; USB protection device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\programfiler\fellesfiler\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R3 ServiceLayer - "c:\programfiler\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
S4 Mupengnr -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-02 21:53:12       362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-03-29 16:57:56       528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Søk pÃ¥ min datamaskin.job
2008-03-29 13:23:03       282 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-02 and 2008-04-02 -----------------------------

2008-03-31 17:14:17         0 d-------- C:\Programfiler\Trend Micro
2008-03-31 16:28:49         0 d-------- C:\Programfiler\NetCom SMS PC
2008-03-30 19:18:42         0 d-------- C:\Programfiler\Lemmings Revolution 3D


-- Find3M Report ---------------------------------------------------------------

2008-04-02 19:18:14         0 d-------- C:\Documents and Settings\Bruker\Programdata\uTorrent
2008-03-31 22:06:10         0 d-------- C:\Programfiler\Fellesfiler
2008-03-31 16:28:51    387980 --a------ C:\WINDOWS\system32\perfh014.dat
2008-03-31 16:28:51     61698 --a------ C:\WINDOWS\system32\perfc014.dat
2008-03-07 09:04:41         0 d-------- C:\Programfiler\Winamp
2008-02-28 21:57:46         8 --a------ C:\WINDOWS\system32\CtSACKey.sys
2008-02-28 21:08:35         0 d-------- C:\Documents and Settings\Bruker\Programdata\Creative
2008-02-27 16:29:44         0 d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-02-21 15:43:36  11768139 --a------ C:\Programfiler\blender-2.45-windows.zip
2008-02-15 22:54:43         0 d-------- C:\Programfiler\Winamp Pro v5.112
2008-02-12 17:47:37         0 d-------- C:\Documents and Settings\Bruker\Programdata\CoreFTP
2008-02-11 18:12:59         0 d-------- C:\Programfiler\Norton AntiVirus


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04.09.2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [06.05.2003 17:16 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [01.03.2004 14:05]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.01.2004 22:10]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [19.08.2003 02:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03.08.2004 02:05]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [26.05.2004 19:15]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [26.05.2004 19:15]
"HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [22.05.2003 21:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [22.05.2003 20:58]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [30.03.2006 17:06]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [23.06.2005 20:46]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" []
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [07.04.2003 18:09]
"HP Software Update"="C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [17.02.2005 00:11]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 02:11]
"PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [08.11.2006 14:27]
"QuickTime Task"="C:\Programfiler\QuickTime Alternative\qttask.exe" [11.12.2007 11:56]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [11.12.2007 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 10:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Bruker\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [16.03.2006 13:50:38]
Stickies.lnk - C:\Programfiler\stickies\stickies.exe [29.05.2005 21:37:09]




-- End of Deckard's System Scanner: finished at 2008-04-02 22:54:46 ------------

AND HERE IS THE EXTRA:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Norwegian

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1023.36 MiB / 603.28 MiB
Pagefile Memory (total/avail): 2460.95 MiB / 2057.65 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.32 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 5.42 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition
  \PARTITION0 (bootable) - Installerbart filsystem - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Norton AntiVirus v2004 (Symantec Corporation) [color=\"RED\"]Outdated[/color]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programfiler\\Messenger\\msmsgs.exe"="C:\\Programfiler\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programfiler\\Soulseek\\slsk.exe"="C:\\Programfiler\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Programfiler\\BitTornado\\btdownloadgui.exe"="C:\\Programfiler\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"="C:\\Programfiler\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"="C:\\Programfiler\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programfiler\\BitComet\\BitComet\\BitComet.exe"="C:\\Programfiler\\BitComet\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Programfiler\\StreamCast\\Morpheus\\mldonkey\\mlnet.exe"="C:\\Programfiler\\StreamCast\\Morpheus\\mldonkey\\mlnet.exe:*:Disabled:MLdonkey - multiuser P2P daemon"
"C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe"="C:\\Programfiler\\StreamCast\\Morpheus\\MorphEXE.exe:*:Disabled:Morpheus"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Disabled:Microsoft ® HTML Application host"
"C:\\Programfiler\\CoreFTP\\coreftp.exe"="C:\\Programfiler\\CoreFTP\\coreftp.exe:*:Enabled:Core FTP App"
"C:\\Programfiler\\stickies\\stickies.exe"="C:\\Programfiler\\stickies\\stickies.exe:*:Enabled:Stickies 5.2a"
"D:\\Utility\\Installer\\InstallationManager.exe"="D:\\Utility\\Installer\\InstallationManager.exe:*:Enabled:Xerox Windows Common Print Driver Installer"
"C:\\Programfiler\\uTorrent\\utorrent.exe"="C:\\Programfiler\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe"="C:\\Programfiler\\eMule\\eMule0.47c\\eMule0.47c\\emule.exe:*:Enabled:eMule"
"C:\\Programfiler\\iTunes\\iTunes.exe"="C:\\Programfiler\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Bruker\Programdata
CLASSPATH=.;C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
COLLECTIONID=COL8143
CommonProgramFiles=C:\Programfiler\Fellesfiler
COMPUTERNAME=YOUR-3B32B01586
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Bruker
ITEMID=dj-22741-15
LANG=1044
LOGONSERVER=\\YOUR-3B32B01586
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\Programfiler\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programfiler\ATI Technologies\ATI Control Panel;C:\Programfiler\Fellesfiler\Adobe\AGL;C:\Programfiler\QuickTime Alternative\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Programfiler
PROMPT=$P$G
QTJAVA=C:\Programfiler\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONID=1138922980951htx6056998c09:1098a0e56e2:1c1f
SESSIONNAME=Console
SWUTVER=1.0.3.1
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Bruker\LOKALE~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Bruker\LOKALE~1\Temp
TOOLPATH=/C:\Programfiler\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Bruker\LOKALE~1\Temp\rad60AF1.tmp
USERDOMAIN=YOUR-3B32B01586
USERNAME=Bruker
USERPROFILE=C:\Documents and Settings\Bruker
VERSION=3.0.5.001
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bruker (admin)
Administrator (new local, admin)
Gjest (guest)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
 --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9  /remove
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee --> C:\PROGRA~1\ACD\ACDSee\UNWISE.EXE C:\PROGRA~1\ACD\ACDSee\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Pro --> RunDll32 "C:\Programfiler\Fellesfiler\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Programfiler\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 6.0.1 - Norsk --> MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A00000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Manager Deluxe 4.1 --> C:\WINDOWS\unin0414.exe -f"C:\Programfiler\Adobe Type Manager\DeIsL1.isu" -c"C:\Programfiler\Adobe Type Manager\UNINST.DLL"
Agere Systems AC'97 Modem --> agrsmdel
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon Camera Support Core Library --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1 --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Programfiler\CCleaner\uninst.exe"
CleanUp! --> C:\Programfiler\CleanUp!\uninstall.exe
Core FTP LE 1.3c --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Creative Jukebox Driver --> C:\Programfiler\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Image Grabber II --> "C:\Programfiler\Image Grabber II\uninstall.exe"
Indeo® XP Software --> C:\WINDOWS\IsUninst.exe -fC:\Programfiler\Ligos\Indeo\UninstXP.isu
InterVideo WinDVD --> "C:\Programfiler\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.56 --> "C:\Programfiler\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Programfiler\Fellesfiler\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Programfiler\Symantec\LiveUpdate\LSETUP.EXE /U
Maxtor OneTouch --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
MediaJoin --> "C:\Documents and Settings\All Users\Application Data\{4588FC3C-C040-44E3-BB19-D9D014557FE1}\setup_mj.exe" REMOVE=TRUE MODIFY=FALSE
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110414-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Programfiler\Mozilla Firefox\uninstall\helper.exe
MSN-verktøylinjen --> C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\mtbs.exe c
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MyFonts Order M729227 --> MsiExec.exe /I{99E314B1-B437-0677-3153-E7EF375FC68C}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
NOMAD Explorer --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9  /remove
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Programfiler\Fellesfiler\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Oppdatering for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Oppdatering for Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Pegasus Imaging's PICVideo 3 --> C:\Programfiler\Fellesfiler\InstallShield\Driver\8\Intel 32\IDriver.exe /M{7AFED294-F3EE-40F9-B0C2-0AD9C45DE7D3}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
QuickTime Alternative 1.81 --> "C:\Programfiler\QuickTime Alternative\unins000.exe"
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sikkerhetsoppdatering for Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sikkerhetsoppdatering for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Sound Forge 7.0 --> MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SoulSeek Client 156c --> "C:\Programfiler\Soulseek\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\FELLES~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programfiler\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Programfiler\Spybot - Search & Destroy\unins000.exe"
Stickies 5.2a --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 5.2a
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programfiler\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VUPlayer --> "C:\Programfiler\VUPlayer\Uninstall.exe"
Winamp (remove only) --> "C:\Programfiler\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows XP hurtigreparasjon - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP hurtigreparasjon - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP hurtigreparasjon - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Programfiler\WinRar\uninstall.exe
Xerox Support Centre --> C:\Programfiler\Xerox\Support Centre\supportuninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Programfiler\Xvid\unins000.exe"
YV12 QuickTime Codec --> MsiExec.exe /I{2F33ECF9-8C59-41A6-8FB9-F7724B9C57E9}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4749 / Error
Event Submitted/Written: 04/01/2008 10:15:10 AM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program lemmingsrevolution.exe, versjon 1.0.0.1, feilende modul unknown, versjon 0.0.0.0, feiladresse 0x0000000c.
Behandler mediaspesifikk hendelse for [lemmingsrevolution.exe!ws!]

Event Record #/Type4726 / Error
Event Submitted/Written: 03/31/2008 04:20:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program afterfx.exe, versjon 7.0.128.244, feilende modul dva.dll, versjon 1.0.0.45903, feiladresse 0x0002e086.
Behandler mediaspesifikk hendelse for [afterfx.exe!ws!]

Event Record #/Type4724 / Error
Event Submitted/Written: 03/31/2008 00:02:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program lemmingsrevolution.exe, versjon 1.0.0.1, feilende modul lemmingsrevolution.exe, versjon 1.0.0.1, feiladresse 0x00001841.
Behandler mediaspesifikk hendelse for [lemmingsrevolution.exe!ws!]

Event Record #/Type4722 / Error
Event Submitted/Written: 03/27/2008 07:20:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hengende program firefox.exe, versjon 1.8.20080.20121, hengende modul hungapp, versjon 0.0.0.0, hengeadresse 0x00000000.

Event Record #/Type4721 / Error
Event Submitted/Written: 03/27/2008 05:53:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Feilende program explorer.exe, versjon 6.0.2900.3156, feilende modul wininet.dll, versjon 6.0.2900.3268, feiladresse 0x00003670.
Behandler mediaspesifikk hendelse for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42393 / Error
Event Submitted/Written: 04/02/2008 11:47:33 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
Nettverksadresseoversetteren (NAT) kan ikke sende forespørsel om en operasjon
i oversettingsmodulen i kjernemodus.
Dette kan tyde på uriktig konfigurasjon, utilstrekkelige ressurser eller
en intern feil.
Dataene er feilkoden.

Event Record #/Type42391 / Warning
Event Submitted/Written: 04/02/2008 11:47:28 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Datamaskinen kan ikke fornye adressen fra nettverket (fra DHCP-serveren)
for nettverkskortet med nettverksadressen 000FB043217F. Følgende feil
oppstod:
%%1223.
Datamaskinen vil fortsette å prøve å hente en adresse på egen hånd fra
nettverksadresseserveren (DHCP).

Event Record #/Type42390 / Warning
Event Submitted/Written: 04/02/2008 02:30:35 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.

Event Record #/Type42389 / Warning
Event Submitted/Written: 04/01/2008 11:43:58 PM
Event ID/Source: 36 / W32Time
Event Description:
Tidstjenesten kan ikke synkronisere systemtiden
med 49152 sekunder fordi ingen av tidsleverandørene har kunnet
tilby et brukbart tidsstempel. Systemklokken er ikke synkronisert.

Event Record #/Type42388 / Warning
Event Submitted/Written: 04/01/2008 07:06:28 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP har nådd sikkerhetsbegrensningen for antall samtidige TCP-tilkoblingsforsøk.



-- End of Deckard's System Scanner: finished at 2008-04-02 22:54:46 ------------

18
Tech Clinic / PC running slow
« on: March 31, 2008, 10:00:20 AM »
Hi!

Could someone please take a look at my HJT-log.
My PC has been veeery slow lately, and I'm afraid that perhaps that something malicious
has gotten through my Norton.

Thank you!

----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:43, on 31.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\uTorrent\utorrent.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8323 bytes

19
Tech Clinic / A strange program is running on my pc
« on: September 19, 2007, 09:03:27 AM »
Thank you Guestolo!
It looks like it was Stickies that kept on running in the background.

But, can I at any time end all these applications that you pointed out,
or should I let them run?

Best wishes.


[quote name=\'guestolo\' post=\'389510\' date=\'Sep 19 2007, 01:46 PM\']Open your Task Manager and end process on the following
C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE

Then try changing profiles, do you still get the program prompt?[/quote]

20
Tech Clinic / A strange program is running on my pc
« on: September 19, 2007, 06:06:55 AM »
Hi!

I'm wondering if someone has the time to take a quick look at my HJT-log.
Whenever I switch user on my pc, it says that a program is running, even though
I don't see any program. Are there any clues in the log what it might be?

Thanks:-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:48, on 19.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\stickies\stickies.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Norton AntiVirus\OPScan.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programfiler\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stickies.lnk = C:\Programfiler\stickies\stickies.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7488 bytes

Pages: [1] 2