DDS (Version 1.1.0) - NTFSx86 Run by Kjetil at 20:19:07,25 on 17.12.2008 Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.3071.2364 [GMT 1:00] ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program files\Norman\Npm\bin\ELOGSVC.EXE C:\Program files\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program files\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Java\jre6\bin\jusched.exe C:\Programfiler\AirPort\APDiskAgent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program files\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Program files\Norman\nse\bin\NSESVC.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program files\Norman\Nvc\bin\nvcoas.exe C:\Program files\Norman\Nvc\BIN\NVCSCHED.EXE C:\Program files\Norman\Nvc\BIN\NIP.EXE C:\Program files\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Kjetil\Skrivebord\dds.scr ============== Pseudo HJT Report =============== uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programfiler\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programfiler\java\jre6\bin\ssv.dll BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programfiler\google\googletoolbarnotifier\2.0.301.7164\swg.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programfiler\java\jre6\bin\jp2ssv.dll BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\programfiler\yahoo!\companion\installs\cpn\yt.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] c:\programfiler\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [msnmsgr] "c:\programfiler\windows live\messenger\msnmsgr.exe" /background uRun: [SUPERAntiSpyware] c:\programfiler\gunilla\SUPERAntiSpyware.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe" mRun: [APDiskAgent] "c:\programfiler\airport\APDiskAgent.exe" mRun: [WT GameChannel] c:\programfiler\wildtangent\apps\GameChannel.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [GrooveMonitor] "c:\programfiler\microsoft office\office12\GrooveMonitor.exe" mRun: [Windows Service] service.exe mRunServices: [Windows Service] service.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\felles~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\hurtig~1.lnk - c:\programfiler\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\skype.lnk - c:\windows\installer\{5c82dae5-6eb0-4374-9254-be3319ba4e82}\Skype.ico mPolicies-system: DisableRegistryTools = 1 (0x1) mPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Windows Live Search - c:\programfiler\windows live toolbar\msntb.dll/search.htm IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programfiler\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\programfiler\bonjour\ExplorerPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programfiler\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - g:\virus\sas\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\programfiler\gunilla\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\kjetil\progra~1\mozilla\firefox\profiles\cjza9vbm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.sol.no/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\kjetil\programdata\mozilla\firefox\profiles\cjza9vbm.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\documents and settings\kjetil\programdata\mozilla\firefox\profiles\cjza9vbm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll FF - component: c:\documents and settings\kjetil\programdata\mozilla\firefox\profiles\cjza9vbm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll FF - component: c:\programfiler\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\programfiler\yahoo!\common\npyaxmpb.dll [color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color] c:\programfiler\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;\??\g:\virus\sas\SASDIFSV.SYS [2008-11-27 8944] R2 Ndiskio;Ndiskio;\??\c:\program files\norman\nse\bin\NDISKIO.SYS [2007-1-14 20448] R2 Norman ZANDA;Norman ZANDA;"c:\program files\norman\npm\bin\Zanda.exe" [2007-5-2 408696] R2 WinDefend;Windows Defender;"c:\programfiler\windows defender\MsMpEng.exe" [2006-11-3 13592] R3 nsesvc;Norman Scanner Engine Service;"c:\program files\norman\nse\bin\NSESVC.EXE" -daemon [2008-11-5 322616] R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2007-5-2 19512] R3 nvcoas;Norman Virus Control on-access component;"c:\program files\norman\nvc\bin\nvcoas.exe" [2008-8-8 183352] R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\norman\nvc\bin\NVCSCHED.EXE [2007-5-23 146488] S1 SASKUTIL;SASKUTIL;\??\g:\gunilla 2k\sas\SASKUTIL.sys [] S3 ALSysIO;ALSysIO;\??\c:\docume~1\kjetil\lokale~1\temp\ALSysIO.sys [] S3 nvcfsr;nvcfsr;\??\c:\program files\norman\nvc\bin\nvcfsr.sys [2007-1-14 6712] S3 nvcoafl51;nvcoafl51;\??\c:\program files\norman\nvc\bin\nvcoafl51.sys [2007-1-14 30264] S3 nvcoaft51;nvcoaft51;\??\c:\program files\norman\nvc\bin\nvcoaft51.sys [2007-1-14 129848] S3 nvcoarc51;nvcoarc51;\??\c:\program files\norman\nvc\bin\nvcoarc51.sys [2007-1-14 23224] S3 SASENUM;SASENUM;\??\c:\programfiler\gunilla\SASENUM.SYS [] S3 SetupNTGLM7X;SetupNTGLM7X;\??\K:\NTGLM7X.sys [] S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2007-6-27 61504] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2007-6-28 9328] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2007-6-28 97056] =============== Created Last 30 ================ 2008-12-15 23:04 --d----- c:\programfiler\Trend Micro 2008-12-15 16:30 49,156 ---shr-- c:\windows\service.exe 2008-12-14 23:57 --d-hr-- c:\documents and settings\kjetil\Siste 2008-12-14 15:00 0 a----r-- C:\logwmemory.bin 2008-12-14 14:58 --d----- C:\Soldat 2008-12-14 14:58 --d----- c:\docume~1\kjetil\progra~1\Soldat 2008-12-13 19:05 410,984 a------- c:\windows\system32\deploytk.dll 2008-12-13 17:40 562,044,991 a------- C:\bf2_patch_1.41..exe 2008-12-13 17:40 --d----- c:\programfiler\FreeUndelete 2008-12-03 20:07 --d----- c:\programfiler\Incomplete 2008-11-27 20:38 388,608 a------- c:\windows\system32\CF998.exe 2008-11-27 20:38 388,608 a------- c:\windows\system32\CF893.exe 2008-11-27 20:20 388,608 a------- c:\windows\system32\CF30134.exe 2008-11-23 19:10 --d----- c:\programfiler\SCAR 3.13 ==================== Find3M ==================== 2008-12-15 23:05 11,706 a------- c:\windows\system32\ealregsnapshot1.reg 2008-12-12 14:46 140,216 a------- c:\windows\system32\drivers\PnkBstrK.sys 2008-12-12 14:46 201,352 a------- c:\windows\system32\PnkBstrB.exe 2008-11-23 19:17 30 a------- c:\documents and settings\kjetil\jagex_runescape_preferences.dat 2008-11-18 21:17 22,328 a------- c:\docume~1\kjetil\progra~1\PnkBstrK.sys 2008-11-18 21:17 669,184 a------- c:\windows\system32\pbsvc.exe 2008-11-16 20:19 388,608 a------- c:\windows\system32\CF6596.exe 2008-11-10 21:32 119,120 a------- c:\windows\dxsdkuninst.exe 2008-10-27 18:39 360,784 a------- c:\windows\system32\XactEngineA3_3.dll 2008-10-27 18:39 359,760 a------- c:\windows\system32\dinput8d.dll 2008-10-27 18:39 349,520 a------- c:\windows\system32\d3dref9.dll 2008-10-27 18:39 286,032 a------- c:\windows\system32\XactEngineD3_3.dll 2008-10-27 18:39 123,216 a------- c:\windows\system32\XAPOFXD1_2.dll 2008-10-27 18:38 47,440 a------- c:\windows\system32\X3DAudioD1_5.dll 2008-10-27 18:37 4,499,280 a------- c:\windows\system32\D3dx9d_40.dll 2008-10-27 18:37 3,796,816 a------- c:\windows\system32\d3dx9d_33.dll 2008-10-27 18:37 3,084,624 a------- c:\windows\system32\d3d9d.dll 2008-10-27 18:37 906,576 a------- c:\windows\system32\xaudioD2_3.dll 2008-10-27 18:36 496,464 a------- c:\windows\system32\D3DX10d_40.dll 2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll 2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll 2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll 2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll 2008-10-26 09:58 413,096 a------- c:\windows\system32\perfh014.dat 2008-10-26 09:58 73,278 a------- c:\windows\system32\perfc014.dat 2008-10-24 12:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 13:43 286,720 a------- c:\windows\system32\gdi32.dll 2008-10-22 16:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 16:10 15,504 a------- c:\windows\system32\drivers\mbam.sys 2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll 2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll 2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll 2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll 2008-10-09 22:30 170 a------- c:\programfiler\1bomb.ini 2008-10-09 01:47 42,320 a------- c:\windows\system32\xfcodec.dll 2008-10-03 11:04 247,326 a------- c:\windows\system32\strmdll.dll 2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll 2008-03-13 18:26 1,784,320 a------- c:\documents and settings\kjetil\autorun.dat 2008-03-07 14:35 21,060 a------- c:\documents and settings\kjetil\config.dat 2008-01-28 10:54 397,312 a----r-- c:\documents and settings\kjetil\AutoRun.exe 2008-05-06 23:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012008050720080508\index.dat ============= FINISH: 20:19:29,59 ===============