This is my first time here btw.. For a while now my local disc (C:) has been opening every time I fire up my comp. I've fixed this before, but this time it's hopeless.. Here's my HjT log:

Logfile of HijackThis v1.99.1 Scan saved at 16:12:34, on 12.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe C:\Programfiler\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programfiler\F-Secure\Common\FSM32.EXE C:\Programfiler\F-Secure\Common\FSMA32.EXE C:\Programfiler\Norman\Npm\bin\ZLH.EXE C:\WINDOWS\VM_STI.EXE C:\Programfiler\F-Secure\Common\FSMB32.EXE C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe C:\Programfiler\F-Secure\Common\FCH32.EXE C:\Programfiler\Unlocker\UnlockerAssistant.exe C:\Programfiler\Creative\SBLive\Diagnostics\diagent.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\System32\DSentry.exe C:\WINDOWS\BCMSMMSG.exe C:\Programfiler\F-Secure\Common\FAMEH32.EXE
C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Programfiler\Norman\Nvc\BIN\NIP.EXE C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE C:\Programfiler\Norman\Nvc\bin\nvcoas.exe C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE C:\Programfiler\F-Secure\Common\FNRB32.EXE C:\Programfiler\F-Secure\Common\FIH32.EXE C:\Programfiler\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\System32\alg.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\Google\Google Updater\GoogleUpdater.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Lene\Skrivebord\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {106894D9-0911-CE58-C293-D4E6064A662D} - C:\DOCUME~1\Lene\PROGRA~1\CHININ~1\MoveWarn.exe (file missing) O2 - BHO: 
AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Norman ZANDA] C:\Programfiler\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31 O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [diagent] C:\Programfiler\Creative\SBLive\Diagnostics\diagent.exe startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Win32 USB2.0 Driver] 386.exe O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: 
[Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NapsterShell] C:\Programfiler\Napster\napster.exe /systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart O4 - HKCU\..\Run: [CAMP TIME] C:\DOCUME~1\Lene\PROGRA~1\CITYON~1\MP3 THAT.exe O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: Google Updater.lnk = C:\Programfiler\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: *.sf-anytime.com O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - 
https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....com/abarth/no/win/QuickTimeFullInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094244046390 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.5/Installer.exe O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems 
Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\Bin\eLogsvc.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Programfiler\F-Secure\BackWeb\7681197\Program\fsbwlan.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Programfiler\F-Secure\Common\FSAA.EXE O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programfiler\F-Secure\Common\FSMA32.EXE O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: Win32 USB2.0 Driver - Unknown owner - C:\WINDOWS\System32\386.exe" -netsvcs (file missing) Hope anyone can help me out here!!!
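What a helper actually does with a log like the one above is scan each autostart entry (O4 Run values, O2 BHOs, O23 services) for traits a legitimate vendor entry rarely has: a bare filename with no directory, a target that is already missing, a binary living under the user's profile, a "driver" that is really started from a Run key, or a service with no vendor name. The script below is an added example written for this thread; it is not part of any post and is not code from HijackThis or ComboFix. The sample lines are copied from the log in the first post, and the heuristics are assumptions chosen for illustration: they flag entries for a human to review, they do not deliver a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample HijackThis lines, copied from the log posted at the top of this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [Win32 USB2.0 Driver] 386.exe',
    r'O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe',
    r'O4 - HKCU\..\Run: [CAMP TIME] C:\DOCUME~1\Lene\PROGRA~1\CITYON~1\MP3 THAT.exe',
    r'O4 - HKCU\..\Run: [MessengerPlus3] "\" /WinStart',
    r'O2 - BHO: (no name) - {106894D9-0911-CE58-C293-D4E6064A662D} - C:\DOCUME~1\Lene\PROGRA~1\CHININ~1\MoveWarn.exe (file missing)',
    r'O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe',
    r'O23 - Service: Win32 USB2.0 Driver - Unknown owner - C:\WINDOWS\System32\386.exe" -netsvcs (file missing)',
]

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$')
O23_PREFIX = 'O23 - Service: '


@dataclass
class Finding:
    kind: str            # 'O4', 'O2' or 'O23'
    name: str            # Run value name, BHO name or service name
    exe: str             # binary the entry loads, as best we can tell
    reasons: List[str] = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Best-effort extraction of the binary an autostart command loads."""
    cmd = cmd.strip().lstrip('"')
    m = re.match(r'(?P<exe>.+?\.(?:exe|dll))(?P<rest>.*)', cmd, re.IGNORECASE)
    if not m:
        parts = cmd.split()
        return parts[0] if parts else ''
    exe = m.group('exe')
    # rundll32 is only a loader; the DLL it is told to load is the real payload.
    if exe.split('\\')[-1].lower() == 'rundll32.exe':
        dll = re.match(r'\s*"?(?P<dll>.+?\.dll)', m.group('rest'), re.IGNORECASE)
        return dll.group('dll') if dll else exe
    return exe


def parse(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (kind, name, owner, command) for the line types we understand."""
    m = O4_RE.match(line)
    if m:
        return 'O4', m.group('name'), '', m.group('cmd')
    m = O2_RE.match(line)
    if m:
        return 'O2', m.group('name'), '', m.group('cmd')
    if line.startswith(O23_PREFIX):
        # Service names may themselves contain " - ", so split from the right.
        parts = line[len(O23_PREFIX):].rsplit(' - ', 2)
        if len(parts) == 3:
            return 'O23', parts[0], parts[1], parts[2]
    return None


def assess(kind: str, name: str, owner: str, cmd: str) -> Tuple[str, List[str]]:
    """Heuristic review flags (assumptions for this example, not a verdict)."""
    exe = executable_of(cmd)
    reasons = []
    if not exe.lower().endswith(('.exe', '.dll')):
        reasons.append('no recognisable executable in command')
    elif '\\' not in exe:
        reasons.append('bare filename, resolved through the search path at logon')
    if '(file missing)' in cmd.lower():
        reasons.append('target file missing')
    if re.search(r'docume~1|documents and settings', exe, re.IGNORECASE):
        reasons.append('loads from a user profile directory')
    if kind == 'O4' and 'driver' in name.lower():
        reasons.append('named like a driver but started from a Run key')
    if kind == 'O23' and owner.lower() == 'unknown owner':
        reasons.append('service carries no vendor name')
    return exe, reasons


def triage(lines) -> List[Finding]:
    """Parse HJT lines and return only the entries that deserve a second look."""
    findings = []
    for line in lines:
        parsed = parse(line.strip())
        if parsed is None:
            continue
        kind, name, owner, cmd = parsed
        exe, reasons = assess(kind, name, owner, cmd)
        if reasons:
            findings.append(Finding(kind, name, exe, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.kind:<3} {f.name!r:<28} {f.exe}')
        for r in f.reasons:
            print(f'      - {r}')
```

On the sample lines, `triage` leaves the F-Secure, NVIDIA and Google entries alone and flags the two bare "USB2 Driver" Run values, the MP3 THAT.exe entry under the user profile, the broken MessengerPlus3 value, the missing MoveWarn.exe BHO and the vendor-less 386.exe service, which is the same short list a human reviewer would pull out of this log. Bare names such as nwiz.exe or BCMSMMSG.exe from legitimate drivers will also be flagged by the bare-filename rule, which is why the output is a review queue rather than a fix list.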
Hi larsie91

You most definitely are infected. Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
Wow, thanks! That really did help the speed.. Though the problem with the C drive still remains, I personally suspect it of being a startup setting I maybe f****d up once.. Here's the ComboFix log:

ComboFix 08-10-12.01 - Lene 2008-10-13 18:01:22.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.212 [GMT 2:00] Running from: C:\Documents and Settings\Lene\Skrivebord\Combo-Fix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Programfiler\Fellesfiler\WinSoftware C:\WINDOWS\system32\MSINET.oca F:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WIN32_USB2_DRIVER ((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))))) . 2008-10-12 15:52 . 2008-10-12 15:51 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-10-12 15:50 . 2008-10-12 16:19 <DIR> d-------- C:\Documents and Settings\Lene\.housecall6.6 2008-10-12 14:17 . 2008-10-12 22:15 <DIR> dr-h----- C:\Documents and Settings\Lene\Siste 2008-10-12 14:14 . 2008-10-12 14:14 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-11 12:51 . 2008-10-11 12:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\no 2008-10-11 12:51 . 2008-10-11 12:51 <DIR> d-------- C:\WINDOWS\l2schemas 2008-10-10 20:05 . 2008-10-12 13:23 <DIR> d---s---- C:\Documents and Settings\All Users\Programdata\Memeo 2008-10-10 20:00 . 2008-10-10 20:00 <DIR> d-------- C:\Programfiler\Western Digital 2008-10-10 19:58 . 2008-10-10 19:58 <DIR> d-------- C:\Programfiler\Western Digital Technologies 2008-10-07 15:53 . 2008-04-14 18:22 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll 2008-10-07 15:53 . 2008-04-14 18:22 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll 2008-10-07 15:53 . 
2008-04-14 18:22 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll 2008-10-07 15:53 . 2008-04-14 18:22 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll 2008-10-07 15:53 . 2008-04-14 18:22 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll 2008-10-07 15:53 . 2008-04-14 18:22 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll 2008-10-07 15:52 . 2008-04-14 18:22 412,160 --------- C:\WINDOWS\SYSTEM32\photometadatahandler.dll 2008-10-07 15:52 . 2008-04-14 18:22 292,352 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll 2008-10-07 15:52 . 2008-04-14 18:22 290,304 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll 2008-10-07 15:52 . 2008-04-14 18:22 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll 2008-10-07 15:52 . 2008-04-14 18:22 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll 2008-10-07 15:52 . 2008-04-14 18:22 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll 2008-10-07 15:52 . 2008-04-14 18:22 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll 2008-10-07 15:52 . 2008-04-14 18:22 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll 2008-10-07 15:52 . 2008-04-14 18:23 32,768 --------- C:\WINDOWS\SYSTEM32\setupn.exe 2008-10-07 15:52 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys 2008-10-07 15:50 . 2008-04-14 18:22 61,440 --------- C:\WINDOWS\SYSTEM32\kmsvc.dll 2008-10-07 15:50 . 2008-04-14 18:22 37,376 --------- C:\WINDOWS\SYSTEM32\l2gpstore.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdpash.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdnepr.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdiultn.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdbhc.dll 2008-10-07 15:50 . 2008-04-14 17:57 2,524 --------- C:\WINDOWS\SYSTEM32\pid.inf 2008-10-07 15:48 . 2008-04-14 18:21 233,472 --------- C:\WINDOWS\SYSTEM32\azroles.dll 2008-10-07 15:48 . 2008-04-14 18:21 48,640 --------- C:\WINDOWS\SYSTEM32\dhcpqec.dll 2008-10-07 15:48 . 
2008-04-14 18:21 12,800 --------- C:\WINDOWS\SYSTEM32\credssp.dll 2008-10-07 15:48 . 2008-04-14 18:21 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx4.dll 2008-10-07 15:47 . 2008-04-14 18:21 136,192 --------- C:\WINDOWS\SYSTEM32\aaclient.dll 2008-10-05 22:07 . 2008-10-05 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 18:44 . 2008-09-20 18:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR 2008-09-20 18:30 . 2008-09-20 18:30 <DIR> d-------- C:\Programfiler\NOS 2008-09-20 18:30 . 2008-09-20 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS 2008-09-15 17:09 . 2008-09-15 17:09 <DIR> d-------- C:\Programfiler\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-13 15:57 --------- d-----w C:\Programfiler\Norman 2008-10-12 15:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater 2008-10-12 12:00 --------- d-----w C:\Documents and Settings\Lene\Programdata\uTorrent 2008-10-12 11:23 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-10-10 20:56 --------- d-----w C:\Programfiler\LimeWire 2008-10-05 20:31 --------- d-----w C:\Documents and Settings\Lene\Programdata\Apple Computer 2008-10-05 20:09 --------- d-----w C:\Programfiler\iTunes 2008-10-05 20:07 --------- d-----w C:\Programfiler\iPod 2008-09-20 16:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-09-15 15:08 --------- d-----w C:\Programfiler\Java 2008-09-12 18:33 --------- d-----w C:\Programfiler\NVIDIA Corporation 2008-09-12 18:27 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application 2008-09-11 15:55 --------- d-----w C:\Programfiler\Bonjour 2008-09-11 15:54 --------- d-----w C:\Programfiler\QuickTime 2008-09-11 15:52 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-09-11 15:50 --------- d-----w C:\Programfiler\Apple Software Update 2008-08-31 08:47 --------- 
d-----w C:\Documents and Settings\All Users\Programdata\Telenor 2008-08-31 08:43 --------- d-----w C:\Programfiler\Telenor 2008-08-31 08:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Emotum 2008-08-17 15:23 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-08-17 15:16 --------- d-----w C:\Programfiler\DivX 2008-08-17 15:15 --------- d-----w C:\Programfiler\FLAC 2007-12-07 16:31 93,320 -c--a-w C:\Documents and Settings\Lene\Programdata\GDIPFONTCACHEV1.DAT 2003-05-25 10:36 1,860 -c--a-w C:\Programfiler\uninstal.log 2005-04-01 15:26 61 -csh--w C:\WINDOWS\cnerolf.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="/WinStart" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.EXE" [2002-12-05 106571] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432] "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 40960] "Telenorhjelpen"="C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120] "diagent"="C:\Programfiler\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 28672] "AdaptecDirectCD"="C:\Programfiler\Roxio\Easy CD Creator 
5\DirectCD\DirectCD.exe" [2002-04-10 679936] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576] "nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\SYSTEM32\nwiz.exe] "BCMSMMSG"="BCMSMMSG.exe" [2002-05-16 C:\WINDOWS\BCMSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2003-03-12 45056] Google Updater.lnk - C:\Programfiler\Google\Google Updater\GoogleUpdater.exe [2007-10-23 125624] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"= "C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"= "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\StubInstaller.exe"= "C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"= 
"C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2006-01-07 2944] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2004-11-04 16384] R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Common\FSfilter.sys [2002-12-05 14640] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Common\fsgk.sys [2002-12-05 79600] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Common\FSrec.sys [2002-12-05 12944] R2 FSpm;F-Secure Policy Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS [2002-12-05 65328] R3 ZSMC302;Audio Web Cam 31;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-22 90559] S2 Win32 USB2.0 Driver;Win32 USB2.0 Driver;C:\WINDOWS\System32\386.exe [ ] S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752] . Contents of the 'Scheduled Tasks' folder 2008-09-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2004-10-14 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE [2002-09-30 12:18] . 
- - - - ORPHANS REMOVED - - - - BHO-{106894D9-0911-CE58-C293-D4E6064A662D} - C:\DOCUME~1\Lene\PROGRA~1\CHININ~1\MoveWarn.exe HKCU-Run-Uniblue RegistryBooster 2 - C:\Programfiler\Uniblue\RegistryBooster 2\RegistryBooster.exe HKCU-Run-updateMgr - C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKCU-Run-CAMP TIME - C:\DOCUME~1\Lene\PROGRA~1\CITYON~1\MP3 THAT.exe HKCU-Run-Win32 USB2 Driver - usb2.exe HKLM-Run-TkBellExe - C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe HKLM-Run-Telenor Online Start - C:\Programfiler\Telenor\Online Start\Telenor.exe HKLM-Run-NapsterShell - C:\Programfiler\Napster\napster.exe HKLM-Run-Win32 USB2.0 Driver - 386.exe HKU-Default-Run-msnmsgr - C:\Programfiler\MSN Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Lene\Programdata\Mozilla\Firefox\Profiles\ejr2ci10.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.nrk.no FF -: plugin - C:\Documents and Settings\Lene\Programdata\Mozilla\Firefox\Profiles\ejr2ci10.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll FF -: plugin - C:\Programfiler\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programfiler\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\Programfiler\Microsoft Silverlight\2.0.30523.8\npctrl.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\NPAdbESD.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npbittorrent.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-13 18:08:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll -> C:\Programfiler\Unlocker\UnlockerHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe C:\Programfiler\F-Secure\BackWeb\7681197\Program\backWeb-7681197.exe C:\WINDOWS\SYSTEM32\nvsvc32.exe C:\WINDOWS\SYSTEM32\UAService7.exe C:\WINDOWS\SYSTEM32\MsPMSPSv.exe C:\Programfiler\F-Secure\Common\FSMA32.exe C:\Programfiler\F-Secure\Common\FSMB32.exe C:\Programfiler\F-Secure\Common\fch32.exe C:\Programfiler\F-Secure\Common\FAMEH32.exe C:\Programfiler\F-Secure\Common\FNRB32.exe C:\Programfiler\F-Secure\Common\FIH32.exe C:\WINDOWS\SYSTEM32\rundll32.exe C:\WINDOWS\SYSTEM32\rundll32.exe C:\Programfiler\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2008-10-13 18:19:04 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-13 16:18:58 Pre-Run: 40 559 083 520 byte ledig Post-Run: 40,700,678,144 byte ledig 233 --- E O F --- 2008-10-12 12:59:26
Hey larsie91

Please download Advanced Windowscare Personal and install it. Update it, and then run a scan. Fix everything except Startup Manage. Reboot, and see if this fixes your problem.

Best Regards
Thank you so much! Haven't done the scan yet, but my PC is way quicker now! Do you know of any good and trusted spyware/virus anti-programs? Freeware would be the best, but any recommended shareware programs are certainly welcome. My dad uses Spyware Doctor..? Again, thanks a million!

Larsie91
Hey larsie91

Sorry... my mistake. You still are infected.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Open Notepad and copy/paste the text in the code box below into it:

Code:
C:\WINDOWS\System32\386.exe

• Save this as CFScript.txt in the same folder as ComboFix.
• Then drag the CFScript.txt into Combo-Fix.exe.
• This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

After that, please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") to download Silent Runners.
• Save it to the desktop.
• Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
• You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
• Once you receive the prompt "All Done!", double-click the new text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Do you still want to fix the popping up problem? If not, ignore the second set of instructions.

Best Regards

PS: For recommended programs, this is what I use:
Antivir Personal
Superantispyware Pro*
Malwarebytes
Comodo Firewall Pro
SnoopFree Privacy Shield

*This is the shareware version. It is not necessary, as the freeware version will offer the same detection, just without real-time protection. Simply scanning your computer from time to time and scanning every downloaded file before opening it will make the freeware version as good as the shareware one.
Here's the log: (unbelievable that you can actually interpret these codes) ComboFix 08-10-12.01 - Lene 2008-10-14 16:50:48.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.174 [GMT 2:00] Running from: C:\Documents and Settings\Lene\Skrivebord\Combo-Fix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 ))))))))))))))))))))))))))))))) . 2008-10-14 16:06 . 2008-10-14 16:06 <DIR> d-------- C:\Programfiler\IObit 2008-10-12 15:52 . 2008-10-12 15:51 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys 2008-10-12 15:50 . 2008-10-12 16:19 <DIR> d-------- C:\Documents and Settings\Lene\.housecall6.6 2008-10-12 14:17 . 2008-10-14 16:48 <DIR> dr-h----- C:\Documents and Settings\Lene\Siste 2008-10-12 14:14 . 2008-10-12 14:14 <DIR> d-------- C:\Programfiler\CCleaner 2008-10-11 12:51 . 2008-10-11 12:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\no 2008-10-11 12:51 . 2008-10-11 12:51 <DIR> d-------- C:\WINDOWS\l2schemas 2008-10-10 20:05 . 2008-10-12 13:23 <DIR> d---s---- C:\Documents and Settings\All Users\Programdata\Memeo 2008-10-10 20:00 . 2008-10-10 20:00 <DIR> d-------- C:\Programfiler\Western Digital 2008-10-10 19:58 . 2008-10-10 19:58 <DIR> d-------- C:\Programfiler\Western Digital Technologies 2008-10-07 15:53 . 2008-04-14 18:22 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll 2008-10-07 15:53 . 2008-04-14 18:22 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll 2008-10-07 15:53 . 2008-04-14 18:22 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll 2008-10-07 15:53 . 2008-04-14 18:22 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll 2008-10-07 15:53 . 2008-04-14 18:22 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll 2008-10-07 15:53 . 2008-04-14 18:22 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll 2008-10-07 15:52 . 2008-04-14 18:22 412,160 --------- C:\WINDOWS\SYSTEM32\photometadatahandler.dll 2008-10-07 15:52 . 
2008-04-14 18:22 292,352 --------- C:\WINDOWS\SYSTEM32\qagentrt.dll 2008-10-07 15:52 . 2008-04-14 18:22 290,304 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll 2008-10-07 15:52 . 2008-04-14 18:22 150,528 --------- C:\WINDOWS\SYSTEM32\qagent.dll 2008-10-07 15:52 . 2008-04-14 18:22 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll 2008-10-07 15:52 . 2008-04-14 18:22 76,800 --------- C:\WINDOWS\SYSTEM32\qutil.dll 2008-10-07 15:52 . 2008-04-14 18:22 62,464 --------- C:\WINDOWS\SYSTEM32\qcliprov.dll 2008-10-07 15:52 . 2008-04-14 18:22 61,952 --------- C:\WINDOWS\SYSTEM32\rasqec.dll 2008-10-07 15:52 . 2008-04-14 18:23 32,768 --------- C:\WINDOWS\SYSTEM32\setupn.exe 2008-10-07 15:52 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\SYSTEM32\DRIVERS\sffp_mmc.sys 2008-10-07 15:50 . 2008-04-14 18:22 61,440 --------- C:\WINDOWS\SYSTEM32\kmsvc.dll 2008-10-07 15:50 . 2008-04-14 18:22 37,376 --------- C:\WINDOWS\SYSTEM32\l2gpstore.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdpash.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdnepr.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdiultn.dll 2008-10-07 15:50 . 2008-04-14 18:20 6,144 --------- C:\WINDOWS\SYSTEM32\kbdbhc.dll 2008-10-07 15:50 . 2008-04-14 17:57 2,524 --------- C:\WINDOWS\SYSTEM32\pid.inf 2008-10-07 15:48 . 2008-04-14 18:21 233,472 --------- C:\WINDOWS\SYSTEM32\azroles.dll 2008-10-07 15:48 . 2008-04-14 18:21 48,640 --------- C:\WINDOWS\SYSTEM32\dhcpqec.dll 2008-10-07 15:48 . 2008-04-14 18:21 12,800 --------- C:\WINDOWS\SYSTEM32\credssp.dll 2008-10-07 15:48 . 2008-04-14 18:21 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx4.dll 2008-10-07 15:47 . 2008-04-14 18:21 136,192 --------- C:\WINDOWS\SYSTEM32\aaclient.dll 2008-10-05 22:07 . 2008-10-05 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-20 18:44 . 
2008-09-20 18:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe AIR 2008-09-20 18:30 . 2008-09-20 18:30 <DIR> d-------- C:\Programfiler\NOS 2008-09-20 18:30 . 2008-09-20 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NOS 2008-09-15 17:09 . 2008-09-15 17:09 <DIR> d-------- C:\Programfiler\Sun . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-14 14:45 --------- d-----w C:\Documents and Settings\Lene\Programdata\uTorrent 2008-10-13 17:49 --------- d-----w C:\Documents and Settings\All Users\Programdata\Google Updater 2008-10-13 15:57 --------- d-----w C:\Programfiler\Norman 2008-10-12 11:23 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-10-10 20:56 --------- d-----w C:\Programfiler\LimeWire 2008-10-05 20:31 --------- d-----w C:\Documents and Settings\Lene\Programdata\Apple Computer 2008-10-05 20:09 --------- d-----w C:\Programfiler\iTunes 2008-10-05 20:07 --------- d-----w C:\Programfiler\iPod 2008-09-20 16:41 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-09-15 15:08 --------- d-----w C:\Programfiler\Java 2008-09-12 18:33 --------- d-----w C:\Programfiler\NVIDIA Corporation 2008-09-12 18:27 --------- d-----w C:\Programfiler\NVIDIA nTune Performance Application 2008-09-11 15:55 --------- d-----w C:\Programfiler\Bonjour 2008-09-11 15:54 --------- d-----w C:\Programfiler\QuickTime 2008-09-11 15:52 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-09-11 15:50 --------- d-----w C:\Programfiler\Apple Software Update 2008-08-31 08:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Telenor 2008-08-31 08:43 --------- d-----w C:\Programfiler\Telenor 2008-08-31 08:43 --------- d-----w C:\Documents and Settings\All Users\Programdata\Emotum 2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\SYSTEM32\dns-sd.exe 2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\SYSTEM32\dnssd.dll 2008-08-17 15:23 --------- d-----w 
C:\Programfiler\Microsoft Silverlight 2008-08-17 15:16 --------- d-----w C:\Programfiler\DivX 2008-08-17 15:15 --------- d-----w C:\Programfiler\FLAC 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll 2007-12-07 16:31 93,320 -c--a-w C:\Documents and Settings\Lene\Programdata\GDIPFONTCACHEV1.DAT 2003-05-25 10:36 1,860 -c--a-w C:\Programfiler\uninstal.log 2005-04-01 15:26 61 -csh--w C:\WINDOWS\cnerolf.dat . ((((((((((((((((((((((((((((( snapshot@2008-10-13_18.18.30.04 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-13 15:57:48 1,984 ----a-w C:\WINDOWS\SYSTEM32\d3d9caps.dat + 2008-10-13 16:27:51 1,984 ----a-w C:\WINDOWS\SYSTEM32\d3d9caps.dat + 2008-10-14 14:19:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_718.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MessengerPlus3"="/WinStart" [X] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Programfiler\F-Secure\Common\FSM32.EXE" [2002-12-05 106571] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432] "BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 40960] "Telenorhjelpen"="C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120] "diagent"="C:\Programfiler\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920] "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 28672] "AdaptecDirectCD"="C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-10-01 289576] "nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\SYSTEM32\nwiz.exe] "BCMSMMSG"="BCMSMMSG.exe" [2002-05-16 C:\WINDOWS\BCMSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Digital Line 
Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2003-03-12 45056] Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"= "C:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"= "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "C:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\StubInstaller.exe"= "C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"= "C:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2006-01-07 2944] R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2004-11-04 16384] R2 F-Secure Filter;F-Secure File System Filter;C:\Programfiler\F-Secure\Common\FSfilter.sys [2002-12-05 14640] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programfiler\F-Secure\Common\fsgk.sys [2002-12-05 79600] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programfiler\F-Secure\Common\FSrec.sys [2002-12-05 12944] R2 FSpm;F-Secure Policy 
Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS [2002-12-05 65328] R3 ZSMC302;Audio Web Cam 31;C:\WINDOWS\system32\Drivers\usbvm302.sys [2004-03-22 90559] S2 Win32 USB2.0 Driver;Win32 USB2.0 Driver;C:\WINDOWS\System32\386.exe [ ] S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752] . Contents of the 'Scheduled Tasks' folder 2008-09-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2004-10-14 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE [2002-09-30 12:18] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Lene\Programdata\Mozilla\Firefox\Profiles\ejr2ci10.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.nrk.no FF -: plugin - C:\Documents and Settings\Lene\Programdata\Mozilla\Firefox\Profiles\ejr2ci10.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll FF -: plugin - C:\Programfiler\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll FF -: plugin - C:\Programfiler\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Programfiler\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - c:\Programfiler\Microsoft Silverlight\2.0.30523.8\npctrl.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\NPAdbESD.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npbittorrent.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-14 16:53:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . Completion time: 2008-10-14 16:56:52 ComboFix-quarantined-files.txt 2008-10-14 14:55:47 Pre-Run: 40 713 695 232 byte ledig Post-Run: 40,710,623,232 byte ledig 211 --- E O F --- 2008-10-12 12:59:26
Hey larsie91

It isn't that hard to interpret these codes. You can learn at www.malwareremoval.com

Now,

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.

See if C:\WINDOWS\System32\386.exe exists. If so, delete it.

Do you want to try and fix the C: drive problem? How did you fix it the last time?

Best Regards
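The service entry in the ComboFix log above (`S2 Win32 USB2.0 Driver;Win32 USB2.0 Driver;C:\WINDOWS\System32\386.exe [ ]`) is what gives the file away: ComboFix prints the binary's date and size inside the brackets, and an empty bracket means it could not read the file at scan time. The following Python script is an added example, not part of this thread and not ComboFix's own code. It parses service lines in that format and flags the two things a reviewer would look at: entries with no file metadata, and auto-start user-mode services whose .exe sits directly in System32. The sample lines are constructed from entries in this thread, and the two heuristics are my assumptions rather than ComboFix rules; hits are a review list, not a delete list.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, in the shape ComboFix uses for driver/service entries:
#   <state> <service name>;<display name>;<image path> [<date> <size>]
SAMPLE_LINES = r"""
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2006-01-07 2944]
R2 FSpm;F-Secure Policy Manager;C:\Programfiler\F-Secure\Common\FSPM.SYS [2002-12-05 65328]
S2 Win32 USB2.0 Driver;Win32 USB2.0 Driver;C:\WINDOWS\System32\386.exe [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
"""

# R = running, S = stopped; the digit is the start type. The bracket holds the
# file's date and size, or nothing at all if ComboFix could not read the file.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    meta: str
    findings: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for a ComboFix service line, or None for other lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    fields = ("state", "name", "display", "path", "meta")
    return ServiceEntry(**{k: m.group(k).strip() for k in fields})


def triage(entry):
    """Attach review findings to an entry. Both rules are assumed heuristics."""
    if entry.meta == "":
        entry.findings.append(
            "no date/size recorded: file missing, locked or hidden at scan time"
        )
    low = entry.path.lower()
    auto_start = entry.state in ("R2", "S2")
    in_system32 = "\\system32\\" in low and "\\drivers\\" not in low
    if auto_start and in_system32 and low.endswith(".exe"):
        entry.findings.append(
            "auto-start user-mode service running an .exe placed directly in System32"
        )
    return entry


def triage_log(text):
    """Parse every service line in a ComboFix log fragment and triage each one."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(triage(entry))
    return entries


def flagged(text):
    """Only the entries that collected at least one finding."""
    return [e for e in triage_log(text) if e.findings]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LINES):
        print(f"{e.state} {e.name} -> {e.path}")
        for f in e.findings:
            print(f"    * {f}")
```

Run against the sample, only the `Win32 USB2.0 Driver` entry is reported, with both findings; the F-Secure and getPlus entries pass because they carry file metadata and live under Programfiler, and the bbcap driver passes because it is a .sys under DRIVERS. The point of keeping the output as a list with reasons is that the person reading the log still decides what to do about each hit, as cdavfrew does above.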
To be frank, I don't remember. I read another forum somewhere and followed the same steps... and it worked. It's a long time ago now; I've had this comp. for almost 5 years.

About the 386.exe: I found krnl386.exe, an affiliated .txt (386.exe-up.txt), and some folders (i386). I guess those shouldn't be deleted?

Lars
Hey larsie91

Forget Silent Runners. Now I'm baffled. There hasn't been a fix for such things yet; see these websites:

http://www.i-mockery.com/forum/showthread.php?t=22669
http://www.techsupportforum.com/mic...16103-c-drive-opening-everytime-i-reboot.html

Maybe these will help...

Best Wishes
Hi

Now I just tried msconfig, and there is nothing there that screams "remove me"... and I don't wanna remove something when I don't know what it is.

Is there something in this list that definitely shouldn't be there? Or should I try another type of startup in the "General" tab?

Lars
Hey larsie91

After doing some more research, I believe that you are still infected. Try doing the Silent Runners log again. This time, disable all security software, such as Norman and F-Secure!

Best Regards
Hey cdavfrew Finally got the hang on it: "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "NVIDIA nTune" = ""C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"] "MessengerPlus3" = ""\" /WinStart" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "F-Secure Manager" = ""C:\Programfiler\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "BigDogPath" = "C:\WINDOWS\VM_STI.EXE Audio Web Cam 31" ["VM."] "Telenorhjelpen" = ""C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"" ["Telenor"] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "diagent" = "C:\Programfiler\Creative\SBLive\Diagnostics\diagent.exe startup" ["Creative Technology Ltd"] "QuickTime Task" = ""C:\Programfiler\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."] "UnlockerAssistant" = ""C:\Programfiler\Unlocker\UnlockerAssistant.exe" -H" [null data] "SunJavaUpdateSched" = ""C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"] "BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"] "AdaptecDirectCD" = ""C:\Programfiler\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"] "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "Adobe Reader Speed Launcher" = ""C:\Programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "iTunesHelper" = ""C:\Programfiler\iTunes\iTunesHelper.exe"" ["Apple 
Inc."] "COMODO SafeSurf" = ""C:\Programfiler\COMODO\SafeSurf\cssurf.exe" -s" ["COMODO"] "COMODO Firewall Pro" = ""C:\Programfiler\COMODO\Firewall\cfp.exe" -h" ["COMODO"] "avgnt" = ""C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\(Default) = "Ask Search Assistant BHO" -> {HKLM...CLSID} = "Ask Search Assistant BHO" \InProcServer32\(Default) = "C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" ["Ask.com"] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Påloggingshjelp for Windows Live" \InProcServer32\(Default) = "C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Programfiler\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll" ["Google Inc."] {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516}\(Default) = "Telenor Telenorhjelpen Plugin" -> {HKLM...CLSID} = "Telenor Telenorhjelpen Plugin" \InProcServer32\(Default) = "C:\Programfiler\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll" ["Telenor"] 
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "Ask Toolbar BHO" -> {HKLM...CLSID} = "Ask Toolbar BHO" \InProcServer32\(Default) = "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrollpanelsutvidelse for skjermpanorering" -> {HKLM...CLSID} = "Kontrollpanelsutvidelse for skjermpanorering" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Ikonutvidelse for HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension" -> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Filtype for Outlook-filikon" \InProcServer32\(Default) = "C:\Programfiler\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programfiler\Microsoft Office\Office10\msohev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" 
= "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programfiler\WinRAR\rarext.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mine delte mapper" \InProcServer32\(Default) = "C:\Programfiler\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02}" = "TIShelEx Shell Extension" -> {HKLM...CLSID} = "FileTimeShlExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\FELLES~1\TISHAR~1\TICONN~1\TIShlExt.dll" ["Texas Instruments Incorporated"] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programfiler\Unlocker\UnlockerCOM.dll" [null data] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Programfiler\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programfiler\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programfiler\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programfiler\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programfiler\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> 
{HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programfiler\Unlocker\UnlockerCOM.dll" [null data] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoCDBurning" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "AllowLegacyWebView" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoResolveSearch" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ "NoUpdateCheck" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized 
setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Lene\Lokale innstillinger\Programdata\Microsoft\Wallpaper1.bmp" Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "FriendlyName" = "" "Source" = "file:///C:/DOCUME~1/Lene/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg" "SubscribedURL" = "file:///C:/DOCUME~1/Lene/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Programfiler\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Programfiler\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple 
Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Programfiler\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Programfiler\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] MGIVideoCameraArrival\ "Provider" = "Dell Movie Studio" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Programfiler\Roxio\VideoWaveMC\VideoWaveMC.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MSVideoCameraArrival\ "Provider" = "@C:\Programfiler\Movie Maker\1044\wmm2res.dll,-100" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Programfiler\Movie Maker\moviemk.exe" /RECORD" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] PDVDPlayDVDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Programfiler\CyberLink\PowerDVD\PowerDVD.exe %1" ["CyberLink 
Corp."] RoxioSelectOnArrival\ "Provider" = "Roxio Easy CD Creator" "InvokeProgID" = "CreateCD50" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\CreateCD50\shell\open\Command\(Default) = ""C:\Programfiler\Fellesfiler\Adaptec Shared\CreateCD\CreateCD50.exe" -x" ["Roxio"] VLCPlayCDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"] VLCPlayDVDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Programfiler\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"] Startup items in "Lene" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart "Digital Line Detect" -> shortcut to: "C:\Programfiler\Digital Line Detect\DLG.exe" ["BVRP Software"] "Microsoft Office" -> shortcut to: "C:\Programfiler\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Programfiler\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Programfiler\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL 
[Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
     \InProcServer32\(Default) = "C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
     \InProcServer32\(Default) = "C:\Programfiler\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
     \InProcServer32\(Default) = "C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
     \InProcServer32\(Default) = "C:\Programfiler\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programfiler\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" ["Ask.com"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."]
Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal - Free Antivirus Scheduler, AntiVirScheduler, ""C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Bonjour-tjeneste, Bonjour Service, "C:\Programfiler\Bonjour\mDNSResponder.exe" ["Apple Inc."]
COMODO Firewall Pro Helper Service, cmdAgent, ""C:\Programfiler\COMODO\Firewall\cmdagent.exe"" ["COMODO"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
F-Secure BackWeb, BackWeb Client - 7681197, "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" [null data]
F-Secure Management Agent, FSMA, ""C:\Programfiler\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"]
F-Secure Network Request Broker, F-Secure Network Request Broker, ""C:\Programfiler\F-Secure\Common\FNRB32.EXE"" ["F-Secure Corporation"]
Google Updater Service, gusvc, ""C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
iPod-tjeneste, iPod Service, "C:\Programfiler\iPod\bin\iPodService.exe" ["Apple Inc."]
Machine Debug Manager, MDM, ""C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
nTune Service, nTuneService, "C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" [null data]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON V6 Monitor4SA\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]

---------- (launch time: 2008-10-16 18:09:12)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 124 seconds, including 18 seconds for message boxes)
Hey larsie91

And then we're back to square one... your Silent Runners log is squeaky clean. I see that you have adequate malware protection, so it shouldn't be malware... I'm sorry, but I don't have any guarantees for fixing this...

Best Regards
Well, thanks anyway.. this made my PC much faster + I got myself an extra HD for all that music.. Thanks for all the help

Lars