Malware


Post by Martin89 on Wed 11 Aug 2010, 3:05 am

Hey

The last day I got the malware virus on my other computer. In the beginning, I couldn't open the internet or "add or remove softwares" in the control panel. Now, I can't be on my computer for more than 1 min before it shuts down. Therefore I can't get my personal files onto a hard disk. Is it possible to save my personal stuff at the same time as I delete the virus? Is it possible to get rid of it when I start the computer while using F2 or F8 in the starting progress? I have a Packard Bell computer. The computer is around 5 years old (yes, it's time to get a new one, but first, I want my stuff back).

Thanks
Martin


Re: Malware

Post by DragonMaster Jay on Wed 11 Aug 2010, 6:21 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.





We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.



~DMJ
GeekPolice Academy Manager



Re: Malware

Post by Martin89 on Wed 11 Aug 2010, 9:20 am

It's impossible to open the boot device when I try to use F8. It's just F2 that's working.


Re: Malware

Post by DragonMaster Jay on Wed 11 Aug 2010, 4:29 pm

Could you load the CD?



Re: Malware

Post by Martin89 on Thu 12 Aug 2010, 11:27 pm

The CD works fine. I didn't need the F8 button, I guess. Before I started the scan, I marked "none" under the "drivers". Anyway, here's what came up:


OTL logfile created on: 8/12/2010 3:00:55 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 28.80 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
SRV - [2010/08/09 19:43:29 | 000,019,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\msippsth.dll -- (TCPIP Pass-through Filter)
SRV - [2010/06/26 11:13:02 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/22 03:48:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 03:48:50 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/22 03:48:47 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/22 13:47:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 16:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport)
SRV - [2001/08/23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522





O1 HOSTS File: ([2010/03/18 05:17:33 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts:
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {19BB711B-4DBE-49EC-9715-B0F4C759A225} - C:\WINDOWS\system32\asmumvu.dll ()
O2 - BHO: (adShotHlpr Object) - {306D663B-B85C-4832-9008-9D804F152971} - C:\WINDOWS\system32\lmhgp.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (moigh Object) - {82521A06-3504-4CB5-ABF5-1180D25E4B70} - C:\WINDOWS\system32\hmhgp.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Martin_S._Sjorbotten_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [19440] C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Temp\451.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Martin_S._Sjorbotten_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0\secureapp70700.exe (MS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cfdrive32.exe (Ook2pe097C)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blogg dette - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\System32\gclrs.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\capesnpn32.dll) - C:\WINDOWS\System32\capesnpn32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\System32\svcnost.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe) - C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe ()
O20 - Winlogon\Notify\__c00E8610: DllName - C:\WINDOWS\system32\__c00E8610.dat - C:\WINDOWS\System32\__c00E8610.dat File not found
O20 - Winlogon\Notify\280d4527448: DllName - C:\WINDOWS\System32\capesnpn32.dll - C:\WINDOWS\System32\capesnpn32.dll File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/13 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell - "" = AutoRun
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bfef5672-71dd-11dd-bf2a-0013d420638b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/09 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
[2010/08/09 19:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads
[2010/08/09 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners
[2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq
[2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
[2010/08/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style
[2010/08/08 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\The G
[2010/07/19 04:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\PCHealth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
[2010/08/10 11:07:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/08/10 11:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 11:06:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/09 20:02:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/09 19:51:26 | 000,155,648 | RHS- | M] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
[2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe
[2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
[2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll
[2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll
[2010/08/09 19:35:55 | 000,046,579 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent
[2010/08/09 19:31:38 | 000,016,852 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent
[2010/08/08 17:25:46 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT
[2010/08/07 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 12:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/07 02:11:08 | 000,012,875 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent
[2010/08/06 12:09:39 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc
[2010/07/30 15:50:35 | 068,311,904 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Untitled.wmv
[2010/07/30 15:15:14 | 003,163,238 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp
[2010/07/30 15:14:58 | 005,731,266 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp
[2010/07/30 15:12:48 | 002,428,300 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp
[2010/07/26 22:59:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini
[2010/07/25 17:34:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/19 03:57:04 | 001,995,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/16 18:13:38 | 000,000,870 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/16 18:12:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/16 18:07:18 | 000,506,186 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 18:07:18 | 000,444,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/16 18:07:18 | 000,072,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/16 00:18:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hmhgp.dll
[2010/07/16 00:18:04 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\lmhgp.dll
[2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\ymhgp.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 20:33:42 | 000,005,522 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\19BB711B-4DBE-49EC-9715-B0F4C759A225.txt
[2010/08/09 20:02:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/09 19:52:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/09 19:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
[2010/08/09 19:51:34 | 000,024,576 | ---- | C] () -- C:\lsass.exe
[2010/08/09 19:43:51 | 000,111,616 | RHS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
[2010/08/09 19:43:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\msippsth.dll
[2010/08/09 19:43:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gclrs.dll
[2010/08/09 19:35:55 | 000,046,579 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent
[2010/08/09 19:31:38 | 000,016,852 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent
[2010/08/07 02:11:08 | 000,012,875 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent
[2010/08/06 12:09:39 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc
[2010/07/30 15:13:48 | 003,163,238 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp
[2010/07/30 15:13:01 | 005,731,266 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp
[2010/07/30 15:11:53 | 002,428,300 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp
[2010/07/25 17:34:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/25 17:34:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/16 00:18:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hmhgp.dll
[2010/07/16 00:18:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lmhgp.dll
[2010/07/13 20:43:22 | 000,040,581 | ---- | C] () -- C:\WINDOWS\System32\ymhgp.exe
[2010/02/02 09:48:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\fusioncache.dat
[2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys
[2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys
[2009/08/13 11:11:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\wiaserva.log
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/05 20:04:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/25 12:43:51 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2009/01/25 12:43:51 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2009/01/25 12:43:51 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll
[2009/01/25 12:43:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll
[2009/01/25 09:59:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini
[2009/01/25 09:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\t3xmartin s. sjorbotten.sys
[2009/01/25 09:45:42 | 000,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/10/06 13:19:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/06 13:19:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fS.manifest
[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fO.manifest
[2008/09/21 16:03:09 | 000,000,328 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fP.manifest
[2008/09/21 16:03:09 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fC.manifest
[2008/07/22 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/20 15:53:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\default.pls
[2008/07/20 15:53:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/15 18:31:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\.rnd
[2007/05/06 17:26:39 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\dxva_sig.txt
[2007/01/20 11:19:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll
[2007/01/14 11:10:15 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/14 09:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/13 20:01:13 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/13 14:23:54 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2007/01/13 13:37:56 | 000,086,016 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.dat.LOG
[2007/01/13 13:37:56 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini
[2007/01/13 13:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT
[2007/01/13 13:35:52 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/01/13 13:35:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/01/13 13:35:52 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/01/13 13:35:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/01/13 13:35:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/01/13 13:35:32 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 06:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 06:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 06:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 06:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 06:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 06:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/18 00:20:52 | 000,012,186 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\logs.dat
[2004/09/07 09:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/04/02 05:59:50 | 000,005,263 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\asmumvu.dll
[2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/09 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
[2010/06/10 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AVG9
[2010/01/22 11:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AviDvdBurner
[2007/10/15 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\eLanguage
[2009/06/19 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\fizzy
[2007/01/13 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\gtopala
[2010/08/09 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\LimeWire
[2008/11/19 12:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\NCH Swift Sound
[2007/01/13 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Opera
[2010/08/09 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners
[2010/08/09 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Spotify
[2010/08/09 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads
[2010/05/16 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Synthesia
[2009/04/13 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\TeamViewer
[2009/11/29 05:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Tibia
[2010/02/01 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Uniblue
[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97
< End of report >




Re: Malware

Post by DragonMaster Jay on Sat 14 Aug 2010, 4:13 pm

Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    C:\WINDOWS\tasks\At*.job

    :otl
    SRV - [2001/08/23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp)
    IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts:
    O2 - BHO: () - {19BB711B-4DBE-49EC-9715-B0F4C759A225} - C:\WINDOWS\system32\asmumvu.dll ()
    O2 - BHO: (adShotHlpr Object) - {306D663B-B85C-4832-9008-9D804F152971} - C:\WINDOWS\system32\lmhgp.dll ()
    O2 - BHO: (moigh Object) - {82521A06-3504-4CB5-ABF5-1180D25E4B70} - C:\WINDOWS\system32\hmhgp.dll ()
    O4 - HKLM..\Run: [19440] C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Temp\451.exe ()
    O4 - HKU\Martin_S._Sjorbotten_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0\secureapp70700.exe (MS)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cfdrive32.exe (Ook2pe097C)
    O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\gclrs.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\System32\gclrs.dll ()
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\capesnpn32.dll) - C:\WINDOWS\System32\capesnpn32.dll File not found
    O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
    O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
    O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\System32\svcnost.exe File not found
    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe) - C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe ()
    O20 - Winlogon\Notify\__c00E8610: DllName - C:\WINDOWS\system32\__c00E8610.dat - C:\WINDOWS\System32\__c00E8610.dat File not found
    O20 - Winlogon\Notify\280d4527448: DllName - C:\WINDOWS\System32\capesnpn32.dll - C:\WINDOWS\System32\capesnpn32.dll File not found
    [2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
    [2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq
    [2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
    [2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
    [2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe
    [2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
    [2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll
    [2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll
    [2010/07/16 00:18:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hmhgp.dll
    [2010/07/16 00:18:04 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\lmhgp.dll
    [2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\ymhgp.exe
    [2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys
    [2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys
    [2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys
    [2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys
    [1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    @Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97

    :commands
    [purity]
    [emptytemp]
    [emptyflash]
    [reboot]


  • Then click the Run Fix button at the top.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Malware

Post by Martin89 on Mon 16 Aug 2010, 11:27 pm

Too many characters to send in one mail. Therefore, I am sending you the text in different posts.

OTL logfile created on: 8/16/2010 5:13:45 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 28.80 Gb Free Space | 15.46% Space Free | Partition Type: NTFS
Drive D: | 1.97 Gb Total Space | 1.97 Gb Free Space | 99.98% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
SRV - [2010/08/09 19:43:29 | 000,019,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\msippsth.dll -- (TCPIP Pass-through Filter)
SRV - [2010/06/26 11:13:02 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/22 03:48:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 03:48:50 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/22 03:48:47 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/22 13:47:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/05 16:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport)
SRV - [2001/08/23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522





O1 HOSTS File: ([2010/03/18 05:17:33 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts:
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {19BB711B-4DBE-49EC-9715-B0F4C759A225} - C:\WINDOWS\system32\asmumvu.dll ()
O2 - BHO: (adShotHlpr Object) - {306D663B-B85C-4832-9008-9D804F152971} - C:\WINDOWS\system32\lmhgp.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (moigh Object) - {82521A06-3504-4CB5-ABF5-1180D25E4B70} - C:\WINDOWS\system32\hmhgp.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Martin_S._Sjorbotten_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [19440] C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Temp\451.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Martin_S._Sjorbotten_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0\secureapp70700.exe (MS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cfdrive32.exe (Ook2pe097C)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blogg dette - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\System32\gclrs.dll ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\capesnpn32.dll) - C:\WINDOWS\System32\capesnpn32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\System32\svcnost.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe) - C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe ()
O20 - Winlogon\Notify\__c00E8610: DllName - C:\WINDOWS\system32\__c00E8610.dat - C:\WINDOWS\System32\__c00E8610.dat File not found
O20 - Winlogon\Notify\280d4527448: DllName - C:\WINDOWS\System32\capesnpn32.dll - C:\WINDOWS\System32\capesnpn32.dll File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/13 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell - "" = AutoRun
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bfef5672-71dd-11dd-bf2a-0013d420638b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/09 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
[2010/08/09 19:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads
[2010/08/09 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners
[2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq
[2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
[2010/08/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style
[2010/08/08 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\The G
[2010/07/19 04:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\PCHealth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/16 14:36:13 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT
[2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
[2010/08/10 11:07:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/08/10 11:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/10 11:06:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/09 20:02:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/09 19:51:26 | 000,155,648 | RHS- | M] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
[2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe
[2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
[2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll
[2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll
[2010/08/09 19:35:55 | 000,046,579 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent
[2010/08/09 19:31:38 | 000,016,852 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent
[2010/08/07 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/07 12:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/07 02:11:08 | 000,012,875 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent
[2010/08/06 12:09:39 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc
[2010/07/30 15:50:35 | 068,311,904 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Untitled.wmv
[2010/07/30 15:15:14 | 003,163,238 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp
[2010/07/30 15:14:58 | 005,731,266 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp
[2010/07/30 15:12:48 | 002,428,300 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp
[2010/07/26 22:59:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini
[2010/07/25 17:34:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/19 03:57:04 | 001,995,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/09 20:33:42 | 000,005,522 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\19BB711B-4DBE-49EC-9715-B0F4C759A225.txt
[2010/08/09 20:02:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/09 19:52:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/09 19:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
[2010/08/09 19:51:34 | 000,024,576 | ---- | C] () -- C:\lsass.exe
[2010/08/09 19:43:51 | 000,111,616 | RHS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
[2010/08/09 19:43:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\msippsth.dll
[2010/08/09 19:43:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gclrs.dll
[2010/08/09 19:35:55 | 000,046,579 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent
[2010/08/09 19:31:38 | 000,016,852 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent
[2010/08/07 02:11:08 | 000,012,875 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent
[2010/08/06 12:09:39 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc
[2010/07/30 15:13:48 | 003,163,238 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp
[2010/07/30 15:13:01 | 005,731,266 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp
[2010/07/30 15:11:53 | 002,428,300 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp
[2010/07/25 17:34:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/25 17:34:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/16 00:18:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hmhgp.dll
[2010/07/16 00:18:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lmhgp.dll
[2010/02/02 09:48:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\fusioncache.dat
[2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys
[2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys
[2009/08/13 11:11:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\wiaserva.log
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/05 20:04:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/25 12:43:51 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2009/01/25 12:43:51 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2009/01/25 12:43:51 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll
[2009/01/25 12:43:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll
[2009/01/25 09:59:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini
[2009/01/25 09:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\t3xmartin s. sjorbotten.sys
[2009/01/25 09:45:42 | 000,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/10/06 13:19:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/06 13:19:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fS.manifest
[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fO.manifest
[2008/09/21 16:03:09 | 000,000,328 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fP.manifest
[2008/09/21 16:03:09 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fC.manifest
[2008/07/22 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/20 15:53:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\default.pls
[2008/07/20 15:53:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/15 18:31:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\.rnd
[2007/05/06 17:26:39 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\dxva_sig.txt
[2007/01/20 11:19:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll
[2007/01/14 11:10:15 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/01/14 09:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/13 20:01:13 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/13 14:23:54 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2007/01/13 13:37:56 | 000,053,248 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.dat.LOG
[2007/01/13 13:37:56 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini
[2007/01/13 13:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT
[2007/01/13 13:35:52 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/01/13 13:35:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/01/13 13:35:52 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/01/13 13:35:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/01/13 13:35:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/01/13 13:35:32 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 06:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 06:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 06:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 06:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 06:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 06:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/04/18 00:20:52 | 000,012,186 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\logs.dat
[2004/09/07 09:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/04/02 05:59:50 | 000,005,263 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\asmumvu.dll
[2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/08/09 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
[2010/06/10 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AVG9
[2010/01/22 11:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AviDvdBurner
[2007/10/15 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\eLanguage
[2009/06/19 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\fizzy
[2007/01/13 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\gtopala
[2010/08/09 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\LimeWire
[2008/11/19 12:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\NCH Swift Sound
[2007/01/13 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Opera
[2010/08/09 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners
[2010/08/09 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Spotify
[2010/08/09 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads
[2010/05/16 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Synthesia
[2009/04/13 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\TeamViewer
[2009/11/29 05:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Tibia
[2010/02/01 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Uniblue
[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Custom Scans ==========


< OTL logfile created on: 8/16/2010 4:55:27 PM - Run >
Invalid Switch: 2010 4:55:27 PM - Run

~[Filtered]~

< Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM >

< Internet Explorer (Version = 7.0.5730.13) >

< Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy >


< 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free >

< 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free >

< Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] >


< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files >

< Drive C: | 186.30 Gb Total Space | 28.80 Gb Free Space | 15.46% Space Free | Partition Type: NTFS >

< Drive D: | 1.97 Gb Total Space | 1.97 Gb Free Space | 99.98% Space Free | Partition Type: FAT >

< E: Drive not present or media not loaded >

< F: Drive not present or media not loaded >

< G: Drive not present or media not loaded >

< H: Drive not present or media not loaded >

< I: Drive not present or media not loaded >

< Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS >


< Computer Name: REATOGO >

< Current User Name: SYSTEM >

< Logged in as Administrator. >


< Current Boot Mode: Normal >

< Scan Mode: All users >

< Company Name Whitelist: Off >

< Skip Microsoft Files: Off >

< File Age = 30 Days >

< Output = Standard >

< Using ControlSet: ControlSet001 >


< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]



< SRV - File not found [Auto] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS) >

< SRV - [2010/08/09 19:43:29 | 000,019,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\msippsth.dll -- (TCPIP Pass-through Filter) >
Invalid Switch: 09 19:43:29 | 000,019,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\msippsth.dll -- (TCPIP Pass-through Filter)


< SRV - [2010/06/26 11:13:02 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai) >
Invalid Switch: 26 11:13:02 | 002,561,624 | ---- | M] () [Auto] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)


< SRV - [2010/06/22 03:48:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) >
Invalid Switch: 22 03:48:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)


< SRV - [2010/06/22 03:48:50 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) >
Invalid Switch: 22 03:48:50 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)


< SRV - [2010/06/22 03:48:47 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) >
Invalid Switch: 22 03:48:47 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)


< SRV - [2010/02/22 13:47:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) >
Invalid Switch: 22 13:47:24 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


< SRV - [2009/08/05 16:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) >
Invalid Switch: 05 16:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)


< SRV - [2009/05/19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport) >
Invalid Switch: 19 05:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (seaport)


< SRV - [2001/08/23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp) >
Invalid Switch: 23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp)




< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]




< ========== Internet Explorer ========== >
Invalid Switch: color]



< IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm >



< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >



< IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.] >
Invalid Switch:


< IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 >

< IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = >

< IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 >






< O1 HOSTS File: ([2010/03/18 05:17:33 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
Invalid Switch: 18 05:17:33 | 000,000,766 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts


< O1 - Hosts: 127.0.0.1 localhost >

< O1 - Hosts: 127.0.0.1 activate.adobe.com >

< O1 - Hosts: >

< O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) >

< O2 - BHO: () - {19BB711B-4DBE-49EC-9715-B0F4C759A225} - C:\WINDOWS\system32\asmumvu.dll () >

< O2 - BHO: (adShotHlpr Object) - {306D663B-B85C-4832-9008-9D804F152971} - C:\WINDOWS\system32\lmhgp.dll () >

< O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) >

< O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) >

< O2 - BHO: (moigh Object) - {82521A06-3504-4CB5-ABF5-1180D25E4B70} - C:\WINDOWS\system32\hmhgp.dll () >

< O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) >

< O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) >

< O3 - HKU\Martin_S._Sjorbotten_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) >

< O4 - HKLM..\Run: [19440] C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Temp\451.exe () >

< O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) >

< O4 - HKU\Martin_S._Sjorbotten_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0\secureapp70700.exe (MS) >

< O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found >

< O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cfdrive32.exe (Ook2pe097C) >

< O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found >

< O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O9 - Extra Button: Blogg dette - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) >

< O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) >

< O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\gclrs.dll () >

< O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\System32\gclrs.dll () >

< O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control) >
Invalid Switch: sw.cab (Shockwave ActiveX Control)


< O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: wvc1dmo.cab (Reg Error: Key error.)


< O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class) >
Invalid Switch: MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)


< O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)


< O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)


< O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)


< O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)


< O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17) >
Invalid Switch: jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)


< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17) >
Invalid Switch: jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)


< O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object) >
Invalid Switch: swflash.cab (Shockwave Flash Object)


< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 >

< O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) >

< O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) >

< O20 - AppInit_DLLs: (C:\WINDOWS\System32\capesnpn32.dll) - C:\WINDOWS\System32\capesnpn32.dll File not found >

< O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) >

< O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found >

< O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found >

< O20 - HKLM Winlogon: Shell - (beforeglav) - File not found >

< O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\System32\svcnost.exe File not found >

< O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe () >

< O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe) - C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe () >

< O20 - Winlogon\Notify\__c00E8610: DllName - C:\WINDOWS\system32\__c00E8610.dat - C:\WINDOWS\System32\__c00E8610.dat File not found >

< O20 - Winlogon\Notify\280d4527448: DllName - C:\WINDOWS\System32\capesnpn32.dll - C:\WINDOWS\System32\capesnpn32.dll File not found >

< O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) >

< O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) >

< O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp >

< O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp >

< O32 - HKLM CDRom: AutoRun - 1 >

< O32 - AutoRun File - [2007/01/13 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
Invalid Switch: 13 13:32:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]


< O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] >
Invalid Switch: 24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]


< O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell - "" = AutoRun >

< O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun - "" = Auto&Play >

< O33 - MountPoints2\{52b9400a-5dc8-11de-bf6a-0013d420638b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found >

< O33 - MountPoints2\{bfef5672-71dd-11dd-bf2a-0013d420638b}\Shell\AutoRun\command - "" = I:\wd_windows_tools\setup.exe -- File not found >

< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >

< O35 - HKLM\..comfile [open] -- "%1" %* >

< O35 - HKLM\..exefile [open] -- "%1" %* >

< O37 - HKLM\...com [@ = comfile] -- "%1" %* >

< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >


< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]



< [2010/08/09 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia >
Invalid Switch: 09 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia


< [2010/08/09 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe >
Invalid Switch: 09 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe


< [2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe >
Invalid Switch: 09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe


< [2010/08/09 19:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads >
Invalid Switch: 09 19:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads


< [2010/08/09 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners >
Invalid Switch: 09 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners


< [2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq >
Invalid Switch: 09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq


< [2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0 >
Invalid Switch: 09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0


< [2010/08/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style >
Invalid Switch: 09 19:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style


< [2010/08/08 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\The G >
Invalid Switch: 08 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\The G


< [2010/07/19 04:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\PCHealth >
Invalid Switch: 19 04:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\PCHealth


< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]



< [2010/08/16 14:36:13 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT >
Invalid Switch: 16 14:36:13 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT


< [2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys >
Invalid Switch: 10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys


< [2010/08/10 11:07:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
Invalid Switch: 10 11:07:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl


< [2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job >
Invalid Switch: 10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job


< [2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job >
Invalid Switch: 10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job


< [2010/08/10 11:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT >
Invalid Switch: 10 11:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT


< [2010/08/10 11:06:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
Invalid Switch: 10 11:06:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat


< [2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT >
Invalid Switch: 10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT


< [2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT >
Invalid Switch: 10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT


< [2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job >
Invalid Switch: 10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job


< [2010/08/09 20:02:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat >
Invalid Switch: 09 20:02:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat


< [2010/08/09 19:51:26 | 000,155,648 | RHS- | M] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe >
Invalid Switch: 09 19:51:26 | 000,155,648 | RHS- | M] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe


< [2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe >
Invalid Switch: 09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe


< [2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe >
Invalid Switch: 09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe


< [2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll >
Invalid Switch: 09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll


< [2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll >
Invalid Switch: 09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll

Martin89

Newbie Surfer

Posts : 8
Joined : 2010-08-11
Operating System : Windows Packard bell


Re: Malware

Post by Martin89 on Mon 16 Aug 2010, 11:28 pm




< [2010/08/09 19:35:55 | 000,046,579 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent >
Invalid Switch: 09 19:35:55 | 000,046,579 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent


< [2010/08/09 19:31:38 | 000,016,852 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent >
Invalid Switch: 09 19:31:38 | 000,016,852 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent


< [2010/08/07 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job >
Invalid Switch: 07 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job


< [2010/08/07 12:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn >
Invalid Switch: 07 12:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn


< [2010/08/07 02:11:08 | 000,012,875 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent >
Invalid Switch: 07 02:11:08 | 000,012,875 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent


< [2010/08/06 12:09:39 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc >
Invalid Switch: 06 12:09:39 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc


< [2010/07/30 15:50:35 | 068,311,904 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Untitled.wmv >
Invalid Switch: 30 15:50:35 | 068,311,904 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Untitled.wmv


< [2010/07/30 15:15:14 | 003,163,238 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp >
Invalid Switch: 30 15:15:14 | 003,163,238 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp


< [2010/07/30 15:14:58 | 005,731,266 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp >
Invalid Switch: 30 15:14:58 | 005,731,266 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp


< [2010/07/30 15:12:48 | 002,428,300 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp >
Invalid Switch: 30 15:12:48 | 002,428,300 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp


< [2010/07/26 22:59:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini >
Invalid Switch: 26 22:59:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini


< [2010/07/25 17:34:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for >
Invalid Switch: 25 17:34:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for


< [2010/07/19 03:57:04 | 001,995,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
Invalid Switch: 19 03:57:04 | 001,995,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT


< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


~[Filtered]~
Invalid Switch: color]



< [2010/08/09 20:33:42 | 000,005,522 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\19BB711B-4DBE-49EC-9715-B0F4C759A225.txt >
Invalid Switch: 09 20:33:42 | 000,005,522 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\19BB711B-4DBE-49EC-9715-B0F4C759A225.txt


< [2010/08/09 20:02:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat >
Invalid Switch: 09 20:02:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat


< [2010/08/09 19:52:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job >
Invalid Switch: 09 19:52:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job


< [2010/08/09 19:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys >
Invalid Switch: 09 19:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys


< [2010/08/09 19:51:34 | 000,024,576 | ---- | C] () -- C:\lsass.exe >
Invalid Switch: 09 19:51:34 | 000,024,576 | ---- | C] () -- C:\lsass.exe


< [2010/08/09 19:43:51 | 000,111,616 | RHS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe >
Invalid Switch: 09 19:43:51 | 000,111,616 | RHS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe


< [2010/08/09 19:43:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\msippsth.dll >
Invalid Switch: 09 19:43:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\msippsth.dll


< [2010/08/09 19:43:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gclrs.dll >
Invalid Switch: 09 19:43:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gclrs.dll


< [2010/08/09 19:35:55 | 000,046,579 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent >
Invalid Switch: 09 19:35:55 | 000,046,579 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent


< [2010/08/09 19:31:38 | 000,016,852 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent >
Invalid Switch: 09 19:31:38 | 000,016,852 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent


< [2010/08/07 02:11:08 | 000,012,875 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent >
Invalid Switch: 07 02:11:08 | 000,012,875 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent


< [2010/08/06 12:09:39 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc >
Invalid Switch: 06 12:09:39 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc


< [2010/07/30 15:13:48 | 003,163,238 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp >
Invalid Switch: 30 15:13:48 | 003,163,238 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp


< [2010/07/30 15:13:01 | 005,731,266 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp >
Invalid Switch: 30 15:13:01 | 005,731,266 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp


< [2010/07/30 15:11:53 | 002,428,300 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp >
Invalid Switch: 30 15:11:53 | 002,428,300 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp


< [2010/07/25 17:34:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn >
Invalid Switch: 25 17:34:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn


< [2010/07/25 17:34:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for >
Invalid Switch: 25 17:34:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for


< [2010/07/16 00:18:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hmhgp.dll >
Invalid Switch: 16 00:18:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hmhgp.dll


< [2010/07/16 00:18:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lmhgp.dll >
Invalid Switch: 16 00:18:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lmhgp.dll


< [2010/02/02 09:48:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\fusioncache.dat >
Invalid Switch: 02 09:48:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\fusioncache.dat


< [2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys >
Invalid Switch: 02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys


< [2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys >
Invalid Switch: 13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys


< [2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys >
Invalid Switch: 13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys


< [2009/08/13 11:11:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\wiaserva.log >
Invalid Switch: 13 11:11:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\wiaserva.log


< [2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll >
Invalid Switch: 03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll


< [2009/02/05 20:04:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI >
Invalid Switch: 05 20:04:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI


< [2009/01/25 12:43:51 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll >
Invalid Switch: 25 12:43:51 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll


< [2009/01/25 12:43:51 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll >
Invalid Switch: 25 12:43:51 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll


< [2009/01/25 12:43:51 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll >
Invalid Switch: 25 12:43:51 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll


< [2009/01/25 12:43:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll >
Invalid Switch: 25 12:43:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll


< [2009/01/25 09:59:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini >
Invalid Switch: 25 09:59:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini


< [2009/01/25 09:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\t3xmartin s. sjorbotten.sys >
Invalid Switch: 25 09:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\t3xmartin s. sjorbotten.sys


< [2009/01/25 09:45:42 | 000,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys >
Invalid Switch: 25 09:45:42 | 000,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys


< [2008/10/06 13:19:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll >
Invalid Switch: 06 13:19:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll


< [2008/10/06 13:19:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll >
Invalid Switch: 06 13:19:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll


< [2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fS.manifest >
Invalid Switch: 21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fS.manifest


< [2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fO.manifest >
Invalid Switch: 21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fO.manifest


< [2008/09/21 16:03:09 | 000,000,328 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fP.manifest >
Invalid Switch: 21 16:03:09 | 000,000,328 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fP.manifest


< [2008/09/21 16:03:09 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fC.manifest >
Invalid Switch: 21 16:03:09 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fC.manifest


< [2008/07/22 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini >
Invalid Switch: 22 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini


< [2008/07/20 15:53:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\default.pls >
Invalid Switch: 20 15:53:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\default.pls


< [2008/07/20 15:53:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini >
Invalid Switch: 20 15:53:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini


< [2008/07/15 18:31:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\.rnd >
Invalid Switch: 15 18:31:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\.rnd


< [2007/05/06 17:26:39 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\dxva_sig.txt >
Invalid Switch: 06 17:26:39 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\dxva_sig.txt


< [2007/01/20 11:19:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll >
Invalid Switch: 20 11:19:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll


< [2007/01/14 11:10:15 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini >
Invalid Switch: 14 11:10:15 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini


< [2007/01/14 09:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI >
Invalid Switch: 14 09:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI


< [2007/01/13 20:01:13 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 13 20:01:13 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


< [2007/01/13 14:23:54 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS >
Invalid Switch: 13 14:23:54 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS


< [2007/01/13 13:37:56 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.dat.LOG >
Invalid Switch: 13 13:37:56 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.dat.LOG


< [2007/01/13 13:37:56 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini >
Invalid Switch: 13 13:37:56 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini


< [2007/01/13 13:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT >
Invalid Switch: 13 13:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT


< [2007/01/13 13:35:52 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT >
Invalid Switch: 13 13:35:52 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT


< [2007/01/13 13:35:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG >
Invalid Switch: 13 13:35:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG


< [2007/01/13 13:35:52 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini >
Invalid Switch: 13 13:35:52 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini


< [2007/01/13 13:35:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini >
Invalid Switch: 13 13:35:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini


< [2007/01/13 13:35:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT >
Invalid Switch: 13 13:35:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT


< [2007/01/13 13:35:32 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG >
Invalid Switch: 13 13:35:32 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG


< [2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll >
Invalid Switch: 22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll


< [2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll >
Invalid Switch: 14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll


< [2005/10/14 06:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll >
Invalid Switch: 14 06:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll


< [2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll >
Invalid Switch: 14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll


< [2005/10/14 06:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll >
Invalid Switch: 14 06:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll


< [2005/10/14 06:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll >
Invalid Switch: 14 06:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll


< [2005/10/14 06:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll >
Invalid Switch: 14 06:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll


< [2005/10/14 06:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll >
Invalid Switch: 14 06:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll


< [2005/10/14 06:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll >
Invalid Switch: 14 06:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll


< [2005/04/18 00:20:52 | 000,012,186 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\logs.dat >
Invalid Switch: 18 00:20:52 | 000,012,186 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\logs.dat


< [2004/09/07 09:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll >
Invalid Switch: 07 09:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll


< [2003/04/02 05:59:50 | 000,005,263 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI >
Invalid Switch: 02 05:59:50 | 000,005,263 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI


< [2001/08/23 08:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\asmumvu.dll >
Invalid Switch: 23 08:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\asmumvu.dll


< [2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys >
Invalid Switch: 23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys


< [1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll >
Invalid Switch: 27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll


< [1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll >
Invalid Switch: 13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll



< ========== LOP Check ========== >
Invalid Switch: color]



< [2010/08/09 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0 >
Invalid Switch: 09 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0


< [2010/06/10 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AVG9 >
Invalid Switch: 10 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AVG9


< [2010/01/22 11:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AviDvdBurner >
Invalid Switch: 22 11:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AviDvdBurner


< [2007/10/15 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\eLanguage >
Invalid Switch: 15 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\eLanguage


< [2009/06/19 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\fizzy >
Invalid Switch: 19 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\fizzy


< [2007/01/13 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\gtopala >
Invalid Switch: 13 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\gtopala


< [2010/08/09 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\LimeWire >
Invalid Switch: 09 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\LimeWire


< [2008/11/19 12:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\NCH Swift Sound >
Invalid Switch: 19 12:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\NCH Swift Sound


< [2007/01/13 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Opera >
Invalid Switch: 13 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Opera


< [2010/08/09 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners >
Invalid Switch: 09 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners


< [2010/08/09 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Spotify >
Invalid Switch: 09 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Spotify


< [2010/08/09 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads >
Invalid Switch: 09 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads


< [2010/05/16 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Synthesia >
Invalid Switch: 16 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Synthesia


< [2009/04/13 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\TeamViewer >
Invalid Switch: 13 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\TeamViewer


< [2009/11/29 05:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Tibia >
Invalid Switch: 29 05:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Tibia


< [2010/02/01 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Uniblue >
Invalid Switch: 01 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Uniblue


< [2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job >
Invalid Switch: 10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job


< [2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job >
Invalid Switch: 10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job


< [2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job >
Invalid Switch: 10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job



< ========== Purity Check ========== >
Invalid Switch: color]





< ========== Alternate Data Streams ========== >
Invalid Switch: color]



< @Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97 >

< < End of report > >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97

< End of report >


Re: Malware

Post by DragonMaster Jay on Tue 17 Aug 2010, 7:53 am

Hi

You clicked Run Scan instead of Run Fix.

Please redo the fix I had in my previous reply, and click the Run Fix button instead of the Run Scan button.



~DMJ
GeekPolice Academy Manager



Re: Malware

Post by Martin89 on Tue 17 Aug 2010, 9:35 pm

Ah, sorry about that. Here:

Error: Unable to interpret in the current context!
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free> in the current context!
Error: Unable to interpret <1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (MessengerStatsClient Class)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Shockwave Flash Object)> in the current context!
Error: Unable to interpret [You must be registered and logged in to see this link.] (Reg Error: Key error.)> in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/08/09 20:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia> in the current context!
Error: Unable to interpret <[2010/08/09 20:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe> in the current context!
Error: Unable to interpret <[2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads> in the current context!
Error: Unable to interpret <[2010/08/09 19:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0> in the current context!
Error: Unable to interpret <[2010/08/09 19:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style> in the current context!
Error: Unable to interpret <[2010/08/08 14:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\The G> in the current context!
Error: Unable to interpret <[2010/07/19 04:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\PCHealth> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/08/16 14:36:13 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job> in the current context!
Error: Unable to interpret <[2010/08/10 11:06:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT> in the current context!
Error: Unable to interpret <[2010/08/10 11:06:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2010/08/10 11:02:10 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job> in the current context!
Error: Unable to interpret <[2010/08/09 20:02:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2010/08/09 19:51:26 | 000,155,648 | RHS- | M] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll> in the current context!
Error: Unable to interpret <[2010/08/09 19:35:55 | 000,046,579 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent> in the current context!
Error: Unable to interpret <[2010/08/09 19:31:38 | 000,016,852 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent> in the current context!
Error: Unable to interpret <[2010/08/07 16:39:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job> in the current context!
Error: Unable to interpret <[2010/08/07 12:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn> in the current context!
Error: Unable to interpret <[2010/08/07 02:11:08 | 000,012,875 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent> in the current context!
Error: Unable to interpret <[2010/08/06 12:09:39 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc> in the current context!
Error: Unable to interpret <[2010/07/30 15:50:35 | 068,311,904 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Untitled.wmv> in the current context!
Error: Unable to interpret <[2010/07/30 15:15:14 | 003,163,238 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp> in the current context!
Error: Unable to interpret <[2010/07/30 15:14:58 | 005,731,266 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp> in the current context!
Error: Unable to interpret <[2010/07/30 15:12:48 | 002,428,300 | ---- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp> in the current context!
Error: Unable to interpret <[2010/07/26 22:59:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini> in the current context!
Error: Unable to interpret <[2010/07/25 17:34:18 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for> in the current context!
Error: Unable to interpret <[2010/07/19 03:57:04 | 001,995,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/08/09 20:33:42 | 000,005,522 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\19BB711B-4DBE-49EC-9715-B0F4C759A225.txt> in the current context!
Error: Unable to interpret <[2010/08/09 20:02:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2010/08/09 19:52:31 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job> in the current context!
Error: Unable to interpret <[2010/08/09 19:52:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys> in the current context!
Error: Unable to interpret <[2010/08/09 19:51:34 | 000,024,576 | ---- | C] () -- C:\lsass.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:51 | 000,111,616 | RHS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\msippsth.dll> in the current context!
Error: Unable to interpret <[2010/08/09 19:43:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gclrs.dll> in the current context!
Error: Unable to interpret <[2010/08/09 19:35:55 | 000,046,579 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\mystery and style.torrent> in the current context!
Error: Unable to interpret <[2010/08/09 19:31:38 | 000,016,852 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Mystery_Method_Video_Archive_Encyclopedia_5-DVD_Set.4847972.TPB.torrent> in the current context!
Error: Unable to interpret <[2010/08/07 02:11:08 | 000,012,875 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\My Documents\Top.Gun.1986.SWESUB.DVDRip.XviD-Askeen.5727820.TPB.torrent> in the current context!
Error: Unable to interpret <[2010/08/06 12:09:39 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Stipend og lån.doc> in the current context!
Error: Unable to interpret <[2010/07/30 15:13:48 | 003,163,238 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Promoe feat. Capleton - Songs of joy.3gp> in the current context!
Error: Unable to interpret <[2010/07/30 15:13:01 | 005,731,266 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\Kid Cudi vs. Crookers - Day 'n' Night.3gp> in the current context!
Error: Unable to interpret <[2010/07/30 15:11:53 | 002,428,300 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Desktop\kya bamba --- be free.3gp> in the current context!
Error: Unable to interpret <[2010/07/25 17:34:18 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn> in the current context!
Error: Unable to interpret <[2010/07/25 17:34:18 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for> in the current context!
Error: Unable to interpret <[2010/07/16 00:18:18 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\hmhgp.dll> in the current context!
Error: Unable to interpret <[2010/07/16 00:18:04 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lmhgp.dll> in the current context!
Error: Unable to interpret <[2010/02/02 09:48:57 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\fusioncache.dat> in the current context!
Error: Unable to interpret <[2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys> in the current context!
Error: Unable to interpret <[2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys> in the current context!
Error: Unable to interpret <[2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys> in the current context!
Error: Unable to interpret <[2009/08/13 11:11:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\wiaserva.log> in the current context!
Error: Unable to interpret <[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll> in the current context!
Error: Unable to interpret <[2009/02/05 20:04:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI> in the current context!
Error: Unable to interpret <[2009/01/25 12:43:51 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll> in the current context!
Error: Unable to interpret <[2009/01/25 12:43:51 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll> in the current context!
Error: Unable to interpret <[2009/01/25 12:43:51 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll> in the current context!
Error: Unable to interpret <[2009/01/25 12:43:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll> in the current context!
Error: Unable to interpret <[2009/01/25 09:59:15 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MagicTranslator.ini> in the current context!
Error: Unable to interpret <[2009/01/25 09:45:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\t3xmartin s. sjorbotten.sys> in the current context!
Error: Unable to interpret <[2009/01/25 09:45:42 | 000,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys> in the current context!
Error: Unable to interpret <[2008/10/06 13:19:40 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll> in the current context!
Error: Unable to interpret <[2008/10/06 13:19:40 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll> in the current context!
Error: Unable to interpret <[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fS.manifest> in the current context!
Error: Unable to interpret <[2008/09/21 16:03:10 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fO.manifest> in the current context!
Error: Unable to interpret <[2008/09/21 16:03:09 | 000,000,328 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fP.manifest> in the current context!
Error: Unable to interpret <[2008/09/21 16:03:09 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\02000000c7f9d25fC.manifest> in the current context!
Error: Unable to interpret <[2008/07/22 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini> in the current context!
Error: Unable to interpret <[2008/07/20 15:53:56 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\default.pls> in the current context!
Error: Unable to interpret <[2008/07/20 15:53:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2008/07/15 18:31:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\.rnd> in the current context!
Error: Unable to interpret <[2007/05/06 17:26:39 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\dxva_sig.txt> in the current context!
Error: Unable to interpret <[2007/01/20 11:19:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\win32t4.dll> in the current context!
Error: Unable to interpret <[2007/01/14 11:10:15 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini> in the current context!
Error: Unable to interpret <[2007/01/14 09:54:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2007/01/13 20:01:13 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2007/01/13 14:23:54 | 000,044,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\UAGP35.SYS> in the current context!
Error: Unable to interpret <[2007/01/13 13:37:56 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.dat.LOG> in the current context!
Error: Unable to interpret <[2007/01/13 13:37:56 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\ntuser.ini> in the current context!
Error: Unable to interpret <[2007/01/13 13:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:52 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:52 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:52 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:33 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:32 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2007/01/13 13:35:32 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG> in the current context!
Error: Unable to interpret <[2006/04/22 19:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll> in the current context!
Error: Unable to interpret <[2005/10/14 06:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll> in the current context!
Error: Unable to interpret <[2005/04/18 00:20:52 | 000,012,186 | -H-- | C] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\logs.dat> in the current context!
Error: Unable to interpret <[2004/09/07 09:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll> in the current context!
Error: Unable to interpret <[2003/04/02 05:59:50 | 000,005,263 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\asmumvu.dll> in the current context!
Error: Unable to interpret <[2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys> in the current context!
Error: Unable to interpret <[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll> in the current context!
Error: Unable to interpret <[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/08/09 19:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0> in the current context!
Error: Unable to interpret <[2010/06/10 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AVG9> in the current context!
Error: Unable to interpret <[2010/01/22 11:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\AviDvdBurner> in the current context!
Error: Unable to interpret <[2007/10/15 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\eLanguage> in the current context!
Error: Unable to interpret <[2009/06/19 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\fizzy> in the current context!
Error: Unable to interpret <[2007/01/13 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\gtopala> in the current context!
Error: Unable to interpret <[2010/08/09 19:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\LimeWire> in the current context!
Error: Unable to interpret <[2008/11/19 12:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\NCH Swift Sound> in the current context!
Error: Unable to interpret <[2007/01/13 14:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Opera> in the current context!
Error: Unable to interpret <[2010/08/09 19:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Sky-Banners> in the current context!
Error: Unable to interpret <[2010/08/09 14:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Spotify> in the current context!
Error: Unable to interpret <[2010/08/09 19:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Street-Ads> in the current context!
Error: Unable to interpret <[2010/05/16 07:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Synthesia> in the current context!
Error: Unable to interpret <[2009/04/13 14:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\TeamViewer> in the current context!
Error: Unable to interpret <[2009/11/29 05:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Tibia> in the current context!
Error: Unable to interpret <[2010/02/01 18:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\Uniblue> in the current context!
Error: Unable to interpret <[2010/08/10 06:08:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:10 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job> in the current context!
Error: Unable to interpret <[2010/08/10 11:07:08 | 000,000,326 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97> in the current context!
Error: Unable to interpret << End of report >> in the current context!

OTLPE by OldTimer - Version 3.1.40.0 log created on 08172010_152844


Re: Malware

Post by DragonMaster Jay on Wed 18 Aug 2010, 4:51 pm

Only copy and paste this into the fix box, and click Run Fix.


:files
C:\WINDOWS\tasks\At*.job

:otl
SRV - [2001/08/23 08:00:00 | 000,101,376 | ---- | M] () [Auto] -- C:\WINDOWS\system32\asmumvu.dll -- (rxskandp)
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\Martin_S._Sjorbotten_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts:
O2 - BHO: () - {19BB711B-4DBE-49EC-9715-B0F4C759A225} - C:\WINDOWS\system32\asmumvu.dll ()
O2 - BHO: (adShotHlpr Object) - {306D663B-B85C-4832-9008-9D804F152971} - C:\WINDOWS\system32\lmhgp.dll ()
O2 - BHO: (moigh Object) - {82521A06-3504-4CB5-ABF5-1180D25E4B70} - C:\WINDOWS\system32\hmhgp.dll ()
O4 - HKLM..\Run: [19440] C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Temp\451.exe ()
O4 - HKU\Martin_S._Sjorbotten_ON_C..\Run: [secureapp70700.exe] C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0\secureapp70700.exe (MS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\cfdrive32.exe (Ook2pe097C)
O7 - HKU\Martin_S._Sjorbotten_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\dir\install\install\server.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\gclrs.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\System32\gclrs.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\System32\capesnpn32.dll) - C:\WINDOWS\System32\capesnpn32.dll File not found
O20 - HKLM Winlogon: Shell - (tapi.nfo) - File not found
O20 - HKLM Winlogon: Shell - (beforeglav) - File not found
O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\System32\svcnost.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe) - C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe ()
O20 - Winlogon\Notify\__c00E8610: DllName - C:\WINDOWS\system32\__c00E8610.dat - C:\WINDOWS\System32\__c00E8610.dat File not found
O20 - Winlogon\Notify\280d4527448: DllName - C:\WINDOWS\System32\capesnpn32.dll - C:\WINDOWS\System32\capesnpn32.dll File not found
[2010/08/09 19:51:39 | 000,155,648 | RHS- | C] (Ook2pe097C) -- C:\WINDOWS\cfdrive32.exe
[2010/08/09 19:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Local Settings\Application Data\vbcrjnlyq
[2010/08/09 19:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\6DFD1CC8A63A094C67047BDF74C38EF0
[2010/08/10 11:07:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\zgkgpsr.sys
[2010/08/09 19:51:26 | 000,024,576 | ---- | M] () -- C:\lsass.exe
[2010/08/09 19:43:44 | 000,111,616 | RHS- | M] () -- C:\Documents and Settings\Martin S. Sjorbotten\Application Data\ohydy.exe
[2010/08/09 19:43:29 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\msippsth.dll
[2010/08/09 19:43:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\gclrs.dll
[2010/07/16 00:18:18 | 000,246,784 | ---- | M] () -- C:\WINDOWS\System32\hmhgp.dll
[2010/07/16 00:18:04 | 000,294,912 | ---- | M] () -- C:\WINDOWS\System32\lmhgp.dll
[2010/07/13 20:43:22 | 000,040,581 | ---- | M] () -- C:\WINDOWS\System32\ymhgp.exe
[2010/02/02 09:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovfsth.sys
[2009/08/13 11:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb3e6c53.sys
[2009/08/13 11:11:25 | 000,021,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\win32x.sys
[2001/08/23 08:00:00 | 000,023,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\gzwkicrt.sys
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:538C9E95F8C91C97

:commands
[purity]
[emptytemp]
[emptyflash]
[reboot]



~DMJ
GeekPolice Academy Manager



Re: Malware

Post by Martin89 on Wed 25 Aug 2010, 9:27 pm

The computer froze.


Re: Malware

Post by DragonMaster Jay on Fri 27 Aug 2010, 6:53 am

Ok.

Try once more and see what happens.



~DMJ
GeekPolice Academy Manager



Re: Malware

Post by Martin89 on Wed 08 Sep 2010, 3:37 am

Freeze :S


Re: Malware

Post by DragonMaster Jay on Thu 09 Sep 2010, 8:26 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager

