Adam_Li Posted 26 March 2009

Sending 2 log files. Hope someone can look through them and see whether there is anything to be done here:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1900
Windows 5.2.3790 Service Pack 2
26.03.2009 14:38:08
mbam-log-2009-03-26 (14-38-08).txt
Skanntype: Rask Skann
Objekter skannet: 124358
Tid tilbakelagt: 14 minute(s), 25 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 7
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001356e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0034c3c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007cafa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00af3fb (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e0444 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00eb592 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fd71a (Trojan.Vundo) -> Quarantined and deleted successfully.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)

------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:25, on 26.03.2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\TmPfw.exe
C:\OfficeScan NT\CNTAoSMgr.exe
C:\WINDOWS\TEMP\YOB300.EXE
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Documents and Settings\administrator.XXXXXXX\Desktop\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.YYYYYYY.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Handy Backup] C:\Program Files (x86)\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://av.YYYYYYY.no/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://av.YYYYYYY.no/officescan/console/ht...stall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://av.YYYYYYY.no/officescan/clientinstall/RemoveCtrl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.biblioteketsvenner.no/auth/con...ImageUpload.dll
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp07.photoprintit.de/microsite/18/...IPSUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = XXXXXXX.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = XXXXXXX.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = XXXXXXX.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\OfficeScan NT\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\OfficeScan NT\TmProxy.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 8361 bytes

Thanks in advance
r2d290 Posted 26 March 2009
Click through to my signature and follow the guide on ComboFix. Post the log in your next post. (I assume that XXXXXX and YYYYYYY are a form of censoring?)
Adam_Li Posted 26 March 2009 (Author)
> Click through to my signature and follow the guide on ComboFix. Post the log in your next post. (I assume that XXXXXX and YYYYYYY are a form of censoring?)
Hi! I'm running 64-bit on the machine I logged. That's why I used HijackThis. Your guide does say that is what one should do. You can see there are a lot of "errors" there. Can I select all the lines in HijackThis and press fix? Or would that make things worse? Yes, XXX and YYY are a kind of censoring. Nothing dangerous, but it's not my own machine, so that's why.
norbat Posted 26 March 2009
The HJT log looks fine. Do not fix any of the entries. Could you run OTViewIt (see the guide) and post the logs it creates?
Adam_Li Posted 27 March 2009 (Author)
> The HJT log looks fine. Do not fix any of the entries. Could you run OTViewIt (see the guide) and post the logs it creates?
Here they come:

OTViewIt logfile created on: 27.03.2009 10:20:27 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.XXXX\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 70,97% Memory free
3,37 Gb Paging File | 2,91 Gb Available in Paging File | 86,33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 147,80 Gb Total Space | 121,70 Gb Free Space | 82,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 1676,38 Gb Total Space | 816,00 Gb Free Space | 48,68% Space Free | Partition Type: NTFS
Computer Name: XXXXXXXX
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days
========== Processes ==========
[2006.02.28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
[2008.12.12 07:29:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jqs.exe
[2006.03.30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
[2008.03.31 13:32:22 | 00,808,304 | ---- | M] (Trend Micro Inc.)
-- C:\OfficeScan NT\tmlisten.exe [2007.04.04 21:35:46 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\TmPfw.exe [2007.04.23 19:14:42 | 00,415,352 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\CNTAoSMgr.exe [2007.05.07 23:43:40 | 00,300,656 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\LFEF55.EXE [2004.07.28 01:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2007.05.07 23:43:06 | 00,702,072 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\PccNTMon.exe [2005.03.25 14:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe [2005.03.25 14:00:00 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\rundll32.exe [2009.01.19 21:05:42 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009.03.27 10:07:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.XXXX\Desktop\OTViewIt.exe [2009.03.27 10:07:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.XXXX\Desktop\OTViewIt.exe ========== (O23) Win32 Services ========== [2007.09.11 08:50:03 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) [2008.07.25 10:13:44 | 00,046,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2006.02.28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) [2006.03.30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) 
-- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) [2008.07.25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008.07.25 10:13:48 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) File not found -- -- (dmadmin [On_Demand | Stopped]) File not found -- -- (Eventlog [Auto | Running]) [2008.04.23 13:43:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) [2008.07.29 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) File not found -- -- (HTTPFilter [On_Demand | Stopped]) [2007.02.18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped]) [2008.07.29 19:28:38 | 00,859,648 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) File not found -- -- (ImapiService [On_Demand | Stopped]) [2008.12.12 07:29:54 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) File not found -- -- (MSDTC [On_Demand | Stopped]) [2007.02.18 11:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [Auto | Running]) [2008.07.29 19:20:34 | 00,119,808 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) File not found -- -- (NtLmSsp [On_Demand | Stopped]) [2007.05.07 23:47:30 | 01,038,976 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\ntrtscan.exe -- (ntrtscan [Auto | Running]) File not found -- -- (NVSvc [Auto | Running]) File not found -- -- (PlugPlay [Auto | Running]) File not found -- -- (PolicyAgent [Auto | Running]) File not found -- -- (ProtectedStorage [Auto | Running]) File not found -- -- (RDSessMgr [On_Demand | Stopped]) File not found -- -- (SamSs [Auto | Running]) File not found -- -- (TlntSvr [Disabled | Stopped]) [2008.03.31 13:32:22 | 00,808,304 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\tmlisten.exe -- (tmlisten [Auto | Running]) [2007.04.04 21:35:46 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\TmPfw.exe -- (TmPfw [On_Demand | Running]) [2007.04.27 19:35:28 | 00,575,064 | ---- | M] (Trend Micro Inc.) 
-- C:\OfficeScan NT\TmProxy.exe -- (TmProxy [On_Demand | Stopped]) [2005.03.25 14:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped]) File not found -- -- (vds [On_Demand | Stopped]) File not found -- -- (VSS [On_Demand | Stopped]) File not found -- -- (WmiApSrv [On_Demand | Stopped]) ========== Driver Services ========== File not found -- -- (ACPI [boot | Running]) File not found -- -- (ADIHdAudAddService [On_Demand | Running]) File not found -- -- (AFD [system | Running]) File not found -- -- (atapi [boot | Running]) File not found -- -- (audstub [On_Demand | Running]) File not found -- -- (b57nd [On_Demand | Running]) File not found -- -- (Beep [system | Running]) File not found -- -- (CdaC15BA [Auto | Running]) File not found -- -- (CdaD10BA [Auto | Running]) File not found -- -- (Cdfs [Disabled | Running]) File not found -- -- (Cdrom [system | Running]) File not found -- -- (crcdisk [boot | Running]) File not found -- -- (Disk [boot | Running]) File not found -- -- (DLABOIOE [Auto | Running]) File not found -- -- (DLACDBHE [system | Running]) File not found -- -- (DLADResE [Auto | Running]) File not found -- -- (DLAIFS_E [Auto | Running]) File not found -- -- (DLAOPIOE [Auto | Running]) File not found -- -- (DLAPoolE [Auto | Running]) File not found -- -- (DLARTL_E [system | Running]) File not found -- -- (DLAUDFAE [Auto | Running]) File not found -- -- (DLAUDF_E [Auto | Running]) File not found -- -- (dmio [boot | Running]) File not found -- -- (dmload [boot | Running]) File not found -- -- (DRVECDB [boot | Running]) File not found -- -- (DRVEDDM [Auto | Running]) [2006.06.29 17:11:08 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Stopped]) File not found -- -- (Fdc [On_Demand | Running]) File not found -- -- (Fips [system | Running]) File not found -- -- (FltMgr [boot | Running]) File not found -- -- (Ftdisk [boot | Running]) File not 
found -- -- (Gpc [On_Demand | Running]) File not found -- -- (HDAudBus [On_Demand | Running]) File not found -- -- (HidUsb [On_Demand | Running]) File not found -- -- (HTTP [On_Demand | Running]) File not found -- -- (imapi [system | Running]) File not found -- -- (intelppm [On_Demand | Running]) File not found -- -- (IpNat [On_Demand | Running]) File not found -- -- (IPSec [system | Running]) File not found -- -- (isapnp [boot | Running]) File not found -- -- (Kbdclass [system | Running]) File not found -- -- (kbdhid [system | Running]) File not found -- -- (kmixer [On_Demand | Running]) File not found -- -- (KSecDD [boot | Running]) File not found -- -- (ksthunk [On_Demand | Running]) File not found -- -- (lsi_sas [boot | Running]) [2005.03.25 14:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [system | Running]) File not found -- -- (Mouclass [system | Running]) File not found -- -- (mouhid [On_Demand | Running]) File not found -- -- (MountMgr [boot | Running]) File not found -- -- (MRxDAV [On_Demand | Running]) File not found -- -- (MRxSmb [system | Running]) File not found -- -- (Msfs [system | Running]) File not found -- -- (mssmbios [On_Demand | Running]) File not found -- -- (Mup [boot | Running]) File not found -- -- (NDIS [boot | Running]) File not found -- -- (NdisTapi [On_Demand | Running]) File not found -- -- (Ndisuio [On_Demand | Running]) File not found -- -- (NdisWan [On_Demand | Running]) File not found -- -- (NDProxy [On_Demand | Running]) File not found -- -- (NetBIOS [system | Running]) File not found -- -- (NetBT [system | Running]) File not found -- -- (Npfs [system | Running]) File not found -- -- (Ntfs [Disabled | Running]) File not found -- -- (Null [system | Running]) File not found -- -- (nv [On_Demand | Running]) File not found -- -- (ohci1394 [boot | Running]) File not found -- -- (Parport [On_Demand | Running]) File not found -- -- (PartMgr [boot | Running]) File not found -- -- (PCI 
[boot | Running]) File not found -- -- (PCIIde [boot | Running]) File not found -- -- (PptpMiniport [On_Demand | Running]) File not found -- -- (PSched [On_Demand | Running]) File not found -- -- (Ptilink [On_Demand | Running]) File not found -- -- (PxHlpa64 [boot | Running]) File not found -- -- (RasAcd [system | Running]) File not found -- -- (Rasl2tp [On_Demand | Running]) File not found -- -- (RasPppoe [On_Demand | Running]) File not found -- -- (Raspti [On_Demand | Running]) File not found -- -- (Rdbss [system | Running]) File not found -- -- (RDPCDD [system | Running]) File not found -- -- (rdpdr [On_Demand | Running]) File not found -- -- (redbook [system | Running]) File not found -- -- (sbp2port [boot | Running]) File not found -- -- (Secdrv [Auto | Running]) File not found -- -- (serenum [On_Demand | Running]) File not found -- -- (Serial [system | Running]) File not found -- -- (sr [boot | Running]) File not found -- -- (Srv [On_Demand | Running]) File not found -- -- (swenum [On_Demand | Running]) File not found -- -- (sysaudio [On_Demand | Running]) File not found -- -- (Tcpip [system | Running]) File not found -- -- (TermDD [system | Running]) File not found -- -- (tmcfw [On_Demand | Running]) [2008.08.16 02:01:34 | 00,235,536 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\tmxpflt.sys -- (TmFilter [Auto | Running]) [2008.08.16 02:01:32 | 00,042,000 | ---- | M] (Trend Micro Inc.) -- C:\OfficeScan NT\tmpreflt.sys -- (TmPreFilter [Auto | Running]) File not found -- -- (tmtdi [system | Running]) File not found -- -- (Update [On_Demand | Running]) File not found -- -- (usbehci [On_Demand | Running]) File not found -- -- (usbhub [On_Demand | Running]) File not found -- -- (usbuhci [On_Demand | Running]) File not found -- -- (VgaSave [system | Running]) File not found -- -- (VolSnap [boot | Running]) [2008.08.16 01:58:10 | 01,839,632 | ---- | M] (Trend Micro Inc.) 
-- C:\OfficeScan NT\VsapiNT.sys -- (VSApiNt [Auto | Running]) File not found -- -- (Wanarp [On_Demand | Running]) [2005.03.25 14:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Local Page"=C:\WINDOWS\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Secondary Start Pages"= "Start Page"=http://www.XXXX.no/ [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (820 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 
127.0.0.1 localhost 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) {DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) ========== (O3) Toolbars ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation) "ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation) "OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" -HideWindow (Trend Micro Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Handy Backup"=C:\Program Files (x86)\Novosoft\Handy Backup\hbagent.exe -logon File not found ========== (O4) Startup Folders ========== [2007.07.03 00:07:08 | 00,708,608 | ---- | M] (LOGO Kommunikations- und Drucktechnik GmbH & Co. 
KG) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logo Calibration Loader.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2007.07.03 00:06:58 | 00,954,368 | ---- | M] (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ProfileReminder.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoActiveDesktop"=1 "ForceActiveDesktopOn"=0 "NoCDBurning"=0 "HonorAutoRunSetting"=1 "NoActiveDesktopChanges"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007.02.18 11:05:40 | 01,681,920 | -HS- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %SystemDrive%\Program Files\Messenger\msmsgs.exe [2007.02.18 11:05:40 | 01,681,920 | -HS- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %SystemDrive%\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007.02.18 11:05:40 | 01,681,920 | -HS- | M] (Microsoft Corporation) ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = 
Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 1 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {00134F72-5284-44F7-95A8-52A619F70751}: http://av.XXXX.no/officescan/ClientInstall/WinNTChk.cab -- ObjWinNTCheck Class {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- QuickTime Plugin Control {08D75BC1-D2B5-11D1-88FC-0080C859833B}: https://av.XXXX.no/officescan/console/html/...stall/setup.cab -- OfficeScan Corp Edition Web-Deployment SetupCtrl Class {5EFE8CB1-D095-11D1-88FC-0080C859833B}: http://av.XXXX.no/officescan/clientinstall/RemoveCtrl.cab -- OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class {6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://www.new2.foto.com/ImageUploader4.cab -- Image Uploader Control {74FFE28D-2378-11D5-990C-006094235084}: http://www-307.ibm.com/pc/support/IbmEgath.cab -- IBM Access Support {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10 {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10 {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -- Shockwave 
Flash Object {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305}: http://webc.biblioteketsvenner.no/auth/con...ImageUpload.dll -- IlosoftImageUploadCtl Class {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}: http://asp07.photoprintit.de/microsite/18/...IPSUploader.cab -- IPSUploader Control ========== (O17) DNS Name Servers ========== {62B0A9B6-B1BA-4B25-BF34-C4A64064F528} (Servers: | Description: Broadcom NetXtreme Gigabit Ethernet) {AE1177AE-9439-47E6-85F2-F97C99780939} (Servers: | Description: 1394 Net Adapter) ========== (O20) HKLM Winlogon Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"=Explorer.exe >[2007.02.18 11:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe "System"=lsass.exe >File not found -- ========== (O20) Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] ScCertProp: "DllName" = wlnotify.dll -- File not found Schedule: "DllName" = wlnotify.dll -- File not found SensLogn: "DllName" = WlNotify.dll -- File not found wlballoon: "DllName" = wlnotify.dll -- File not found ========== (O21) SSODL Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation) "PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation) "SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation) ========== (O22) Shared Task Scheduler ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) "{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- 
C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [ | ] [2007.02.01 08:30:04 | 00,000,001 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3af6ce1-847c-11dd-bbd1-00145e6422ce}\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3af6ce1-847c-11dd-bbd1-00145e6422ce}\Shell\AutoRun] ""=Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3af6ce1-847c-11dd-bbd1-00145e6422ce}\Shell\AutoRun\command] ""=E:\LaunchU3.exe -- File not found ========== Files/Folders - Created Within 90 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [2009.03.27 10:07:12 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator.XXXX\Desktop\OTViewIt.exe [2009.03.26 14:52:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Desktop\HiJackThis [2009.03.26 14:15:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\Malwarebytes [2009.03.26 14:15:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.03.26 14:15:16 | 00,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.03.26 14:15:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.03.26 14:15:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009.03.26 14:15:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009.03.26 14:14:41 | 02,876,720 | ---- | C] (Malwarebytes 
Corporation ) -- C:\Documents and Settings\administrator.XXXX\Desktop\mbam-setup.exe [2009.03.19 09:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Desktop\TOUCH @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\administrator.XXXX\Desktop\TOUCH:AFP_AfpInfo [2009.03.17 09:12:35 | 10,066,3308 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\31561_3sta.tif [2009.03.13 12:07:38 | 00,000,079 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\setting.ini [2009.03.13 12:07:17 | 00,244,736 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\JRuler.exe [2009.03.13 08:22:53 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gsl @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gsl:AFP_AfpInfo [2009.03.13 08:22:53 | 00,000,549 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gst @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gst:AFP_AfpInfo [2009.03.13 08:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync [2009.03.12 15:47:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkVantage [2009.03.12 15:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Desktop\LANdesk [2009.03.04 15:06:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2009.03.04 15:06:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2009.03.04 15:06:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2009.03.04 15:06:05 | 00,000,000 | ---D | C] -- C:\8e6cd867428c7c950e3c057f6043d5 [2009.03.04 14:59:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0 [2009.03.04 13:46:13 | 00,000,233 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\tptest.conf [2009.03.04 13:39:44 | 
00,001,679 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\TPTEST 5 resultat Genomströmning [2009.03.04 11:17:54 | 81,986,156 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\2009.03.04_Markus_1.zip [2009.03.02 11:59:28 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\Customize Fences.lnk [2009.03.02 11:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\Stardock [2009.03.02 11:59:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{067CEB81-A49B-4597-9505-A5515881D672} [2009.03.02 11:59:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock [2009.03.02 11:07:21 | 00,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Robocopy GUI.lnk [2009.03.02 11:07:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2009.03.02 11:07:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\Microsoft Robocopy GUI [2009.02.23 15:55:49 | 00,000,079 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\setting.ini [2009.02.23 15:53:57 | 00,244,736 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\JRuler.exe [2009.02.23 15:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\My Documents\web [2009.02.23 15:26:28 | 00,079,318 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\banner_logo.psd [2009.02.23 15:26:28 | 00,025,085 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\My Documents\banner_logo.jpg [2009.02.18 10:56:33 | 00,002,055 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\BFO PDF Viewer.lnk [2009.02.16 15:09:20 | 00,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ColorNavigator.lnk [2009.02.16 15:09:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EIZO 
[2009.02.16 14:33:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Local Settings\Application Data\Downloaded Installations [2009.02.16 14:27:56 | 00,544,082 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.02.16 14:27:11 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009.02.16 14:26:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009.02.10 14:39:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009.02.10 12:48:29 | 00,140,288 | ---- | C] () -- C:\2881309.doc [2009.02.10 11:41:58 | 00,147,968 | ---- | C] () -- C:\2872229.doc [2009.02.10 11:32:05 | 00,142,848 | ---- | C] () -- C:\2859817.doc [2009.02.10 10:05:41 | 00,070,486 | ---- | C] () -- C:\2846401.pdf [2009.02.10 07:52:22 | 08,360,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll [2009.01.30 12:34:43 | 00,264,514 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\XXXX.psd [2009.01.27 11:01:49 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll [2009.01.26 14:04:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2009.01.19 21:05:44 | 06,066,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll [2009.01.19 21:05:44 | 03,594,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009.01.19 21:05:44 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll [2009.01.19 21:05:42 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll [2009.01.19 21:05:42 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll [2009.01.19 21:05:42 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll [2009.01.19 21:05:42 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2009.01.16 15:07:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\My Documents\SkolesidenPDF 
[2009.01.13 16:36:04 | 02,547,486 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\XXXXv.2008 1.pdf [2009.01.13 16:36:04 | 02,400,407 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\A-Å aug 2008.pdf [2009.01.13 16:33:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Desktop\XXXX [2009.01.13 14:25:54 | 01,340,516 | ---- | C] () -- C:\Documents and Settings\administrator.XXXX\Desktop\referanseportrett.jpg [2009.01.09 12:54:18 | 00,000,000 | ---D | C] -- C:\test [2009.01.05 13:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\FileZilla [2009.01.05 13:41:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2009.01.05 11:26:02 | 00,000,000 | ---D | C] -- C:\VundoFix Backups [2008.12.30 15:49:22 | 06,418,818 | -H-- | C] () -- C:\Documents and Settings\administrator.XXXX\Local Settings\Application Data\IconCache.db [2008.12.30 13:33:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\Novosoft [2008.12.30 12:40:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator.XXXX\Application Data\SuperFlexibleSynchronizer [2008.12.30 12:40:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperFlexibleSynchronizer ========== Files - Modified Within 90 Days ========== [2 C:\WINDOWS\System32\*.tmp files] [2009.03.27 10:07:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator.XXXX\Desktop\OTViewIt.exe [2009.03.27 08:34:27 | 00,012,152 | ---- | M] () -- C:\WINDOWS\cfgall.ini [2009.03.27 08:24:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.03.27 08:23:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.03.27 08:23:46 | 21,455,01184 | -HS- | M] () -- C:\hiberfil.sys [2009.03.26 15:34:27 | 06,418,818 | -H-- | M] () -- C:\Documents and Settings\administrator.XXXX\Local Settings\Application 
Data\IconCache.db [2009.03.26 14:37:29 | 00,001,218 | -H-- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\Default.rdp [2009.03.26 14:15:16 | 00,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.03.26 14:14:44 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\administrator.XXXX\Desktop\mbam-setup.exe [2009.03.13 14:11:43 | 00,000,079 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\setting.ini [2009.03.13 10:21:30 | 00,000,079 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\setting.ini [2009.03.13 10:05:15 | 00,000,441 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\Shortcut to TUMBS.lnk [2009.03.13 08:23:33 | 00,000,549 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gst @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gst:AFP_AfpInfo [2009.03.13 08:22:07 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GoodSync.lnk [2009.03.13 08:21:29 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gsl @Alternate Data Stream - 60 bytes -> C:\Documents and Settings\administrator.XXXX\My Documents\BBQ.gsl:AFP_AfpInfo [2009.03.11 15:49:21 | 00,001,405 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009.03.04 15:20:37 | 00,016,504 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009.03.04 15:12:51 | 00,544,082 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.03.04 13:46:13 | 00,000,233 | ---- | M] () -- C:\Documents and Settings\administrator.XXXXTO\My Documents\tptest.conf [2009.03.04 13:39:44 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\TPTEST 5 resultat Genomströmning [2009.03.04 11:15:00 | 81,986,156 | ---- | M] () -- 
C:\Documents and Settings\administrator.XXXX\Desktop\2009.03.04_Markus_1.zip [2009.03.04 00:24:22 | 10,066,3308 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\31561_3sta.tif [2009.03.02 12:00:04 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\Customize Fences.lnk [2009.03.02 11:07:21 | 00,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Robocopy GUI.lnk [2009.02.23 15:26:34 | 00,025,085 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\banner_logo.jpg [2009.02.23 15:26:14 | 00,079,318 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\My Documents\banner_logo.psd [2009.02.18 10:56:33 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\BFO PDF Viewer.lnk [2009.02.16 15:09:20 | 00,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ColorNavigator.lnk [2009.02.12 11:06:26 | 00,146,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schannel.dll [2009.02.11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.02.11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.02.10 12:48:18 | 00,140,288 | ---- | M] () -- C:\2881309.doc [2009.02.10 11:41:48 | 00,147,968 | ---- | M] () -- C:\2872229.doc [2009.02.10 11:31:56 | 00,142,848 | ---- | M] () -- C:\2859817.doc [2009.02.10 10:05:41 | 00,070,486 | ---- | M] () -- C:\2846401.pdf [2009.02.10 07:52:22 | 08,360,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll [2009.01.30 13:16:29 | 00,264,514 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\XXXX.psd [2009.01.19 21:05:44 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll [2009.01.19 21:05:44 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009.01.19 21:05:44 | 
01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2009.01.19 21:05:44 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2009.01.19 21:05:44 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2009.01.19 21:05:44 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll [2009.01.19 21:05:44 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll [2009.01.19 21:05:44 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll [2009.01.19 21:05:44 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll [2009.01.19 21:05:44 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll [2009.01.19 21:05:44 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll [2009.01.19 21:05:44 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2009.01.19 21:05:44 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2009.01.19 21:05:42 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll [2009.01.19 21:05:42 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll [2009.01.19 21:05:42 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2009.01.19 21:05:42 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll [2009.01.19 21:05:42 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll [2009.01.19 21:05:42 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll [2009.01.19 21:05:42 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll [2009.01.19 21:05:42 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll [2009.01.19 21:05:42 | 
00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll [2009.01.19 21:05:42 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2009.01.19 21:05:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll [2009.01.19 21:05:42 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2009.01.19 21:05:42 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll [2009.01.19 21:05:42 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll [2009.01.19 21:05:42 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll [2009.01.19 21:05:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe [2009.01.16 10:53:31 | 00,000,768 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\FOXUSER.FPT [2009.01.16 10:53:31 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\administrator.XXXX\Desktop\FOXUSER.DBF < End of report > OTViewIt Extras logfile created on: 27.03.2009 10:20:29 - Run 4 OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\administrator.XXXX\Desktop Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 70,97% Memory free 3,37 Gb Paging File | 2,91 Gb Available in Paging File | 86,33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 147,80 Gb Total Space | 121,70 Gb Free Space | 82,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not 
loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive P: | 1676,38 Gb Total Space | 816,00 Gb Free Space | 48,68% Space Free | Partition Type: NTFS Computer Name: XXXXXXXX Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 90 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2006.02.28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [2002.06.25 01:36:44 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSSOAP\Binaries\MsSoapT3.exe:*:Disabled:Microsoft Soap Toolkit 3.0 Trace Tool [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 [2008.12.04 05:56:22 | 02,160,824 | ---- | M] () -- C:\Program Files (x86)\Siber Systems\GoodSync\GoodSync.exe:*:Enabled:GoodSync Synchronizer [2008.12.12 07:29:54 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\launch4j-tmp\PowerFolder.exe:*:Enabled:Java Platform SE binary File not found -- C:\Program Files (x86)\Novosoft\Handy Backup\backup.exe:*:Enabled:Handy Backup File not found -- C:\Program Files (x86)\Novosoft\Handy Backup\hbagent.exe:*:Enabled:Handy Backup 6.2.2.2105M Agent [2009.03.12 00:18:58 | 03,614,904 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe:*:Enabled:GoodSync Synchronizer [2007.02.18 11:12:40 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries00000000004 [mdnsNSP] -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007.02.18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol]) [2009.01.19 21:05:42 | 01,160,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler]) [2007.02.18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0]) [2008.07.03 13:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler]) [2007.02.18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0]) [2009.01.19 21:05:44 | 03,594,752 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol]) [2007.02.18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol]) [2005.03.25 14:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2009.02.10 07:52:22 | 08,360,960 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3 "{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic RecordNow Data "{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting "{107C666F-63C5-4263-8D40-8B9CFB5FED08}"=Microsoft Robocopy GUI "{10CD364B-FFCC-48BE-B469-B9622A033075}"=Fences "{18226DB2-91AD-488C-ACCC-C7643C938AB6}"=OpenOffice.org 2.4 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 10 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}"=Visual FoxPro 9.0 Baseline - English "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}"=Citrix XenApp Plugin for Hosted Apps "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3 "{47FB1A60-9DDC-42B0-8430-8F6FBCF89651}"=3D-FTP "{4F99BC30-032D-4ABC-A67C-DB032173DA9C}"=QKameraVersion7 "{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3 "{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer 
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD "{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings "{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}"=Visual FoxPro 9.0 Professional - English "{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3 "{9E87166B-9ECC-41C0-BB29-03D4ED7A805D}"=Chilkat XML ActiveX "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic RecordNow Audio "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings "{AC76BA86-7AD7-1044-7B44-A81300000003}"=Adobe Reader 8.1.3 - Norsk "{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic RecordNow Copy "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup "{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3 "{BCB4C18A-ACA6-4383-8688-E19933A705DD}"=Microsoft SOAP Toolkit 3.0 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3 "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0 "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup "Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX "Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3 "CAL"=Canon Camera Access Library "CameraWindowDVC5"=Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC"=Canon Camera Window MC 6 for ZoomBrowser EX "CANON iMAGE GATEWAY Task"=CANON iMAGE 
GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX"=Canon Internet Library for ZoomBrowser EX "CCleaner"=CCleaner (remove only) "DPP"=Canon Utilities Digital Photo Professional 3.1 "Eye-One Match_is1"=Eye-One Match 3.6.2 "Fences"=Fences "FileZilla Client"=FileZilla Client 3.1.6 "FreeCommander_is1"=FreeCommander 2008.06c "HijackThis"=HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "OfficeScanNT"=Trend Micro OfficeScan Client "Photo Nose_is1"=Photo Nose 3.0 "PhotoStitch"=Canon Utilities PhotoStitch "QKamera08"=QKamera08 "RAW Image Task"=Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX "ThinkVantage Toolkit for LANDesk Management Suite_is1"=ThinkVantage Toolkit for LANDesk Management Suite v3.1.0.3 "TPTEST5_is1"=TPTEST 5.0.2 "VertusFluidMask3"=Vertus Fluid Mask 3 3.0.8 "Visual FoxPro 9.0 Professional - English"=Microsoft Visual FoxPro 9.0 Professional - English "WFTK"=Canon Utilities WFT-E1/E2/E3 Utility "WinRAR archiver"=WinRAR archiver "ZoomBrowser EX"=Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BFO PDF Viewer"=BFO PDF Viewer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.03.2009 09:14:30 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 26.03.2009 09:42:07 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. 
Error - 26.03.2009 09:42:09 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 26.03.2009 09:42:18 | Computer Name = XXXXXXXX | Source = UserInit | ID = 1000 Description = Could not execute the following script logon.cmd. The system cannot find the file specified. . Error - 26.03.2009 09:56:48 | Computer Name = XXXXXXXX | Source = idsvc | ID = 0 Description = Service cannot be started. System.ComponentModel.Win32Exception: The RPC server is already listening at Microsoft.InfoCards.InfoCardService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 27.03.2009 03:26:24 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 27.03.2009 03:29:32 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 27.03.2009 03:29:35 | Computer Name = XXXXXXXX | Source = UserInit | ID = 1000 Description = Could not execute the following script logon.cmd. The system cannot find the file specified. . Error - 27.03.2009 04:59:03 | Computer Name = XXXXXXXX | Source = idsvc | ID = 0 Description = Service cannot be started. System.ComponentModel.Win32Exception: The RPC server is already listening at Microsoft.InfoCards.InfoCardService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 27.03.2009 05:01:34 | Computer Name = XXXXXXXX | Source = Userenv | ID = 1053 Description = Windows cannot determine the user or computer name. 
(The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. [ System Events ] Error - 14.11.2008 03:13:03 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\PROGRA~2\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Error - 14.11.2008 03:13:03 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\PROGRA~2\Citrix\ICACLI~1\MFC80.DLL. Reference error message: The manifest file contains one or more syntax errors. . Error - 14.11.2008 05:31:51 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 14.11.2008 05:31:51 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842786 Description = Component identity found in manifest does not match the identity of the component requested Error - 14.11.2008 05:31:51 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842810 Description = Syntax error in manifest or policy file "C:\PROGRA~2\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Error - 14.11.2008 05:31:51 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842811 Description = Generate Activation Context failed for C:\PROGRA~2\Citrix\ICACLI~1\MFC80.DLL. Reference error message: The manifest file contains one or more syntax errors. . 
Error - 14.11.2008 06:44:07 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842786
Description = Component identity found in manifest does not match the identity of the component requested

Error - 14.11.2008 06:44:07 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842786
Description = Component identity found in manifest does not match the identity of the component requested

Error - 14.11.2008 06:44:07 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\PROGRA~2\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.

Error - 14.11.2008 06:44:07 | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~2\Citrix\ICACLI~1\MFC80.DLL. Reference error message: The manifest file contains one or more syntax errors. .

< End of report >

Thanks in advance!