Hi Ejvindh, here are the log files
WinPFind3 logfile created on: 16-02-2007 08:46:39
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Bruger\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
261040 Kb Total Physical Memory | 67820 Kb Available Physical Memory | 25,98% Memory free
1795948 Kb Paging File | 1494432 Kb Available in Paging File | 83,21% Paging File free
Paging file location(s): D:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Programmer
Drive C: | 8195008 Kb Total Space | 2482810 Kb Free Space | 30,30% Space Free
Drive D: | 21099928 Kb Total Space | 19465192 Kb Free Space | 92,25% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 19-11-2004 17:40:42 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 19-11-2004 17:40:42 | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 15-02-2007 07:29:20 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.00.104 | Size = 50880 bytes | Modified Date = 19-08-2002 22:22:38 | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 1.00.37 | Size = 308936 bytes | Modified Date = 08-08-2002 22:40:02 | Attr = ]
ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 208896 bytes | Modified Date = 25-12-2003 10:04:00 | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 6200 Series\ezprint.exe -> [Ver = | Size = 61440 bytes | Modified Date = 17-09-2004 14:24:00 | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.446 | Size = 102463 bytes | Modified Date = 23-11-2004 15:50:00 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr = ]
hydradm.exe -> %ProgramFiles%\ATI Technologies\ATI HYDRAVISION\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.25.0004 | Size = 270336 bytes | Modified Date = 26-06-2003 21:00:00 | Attr = ]
hydramd.exe -> %ProgramFiles%\ATI Technologies\ATI HYDRAVISION\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.25.0004 | Size = 364544 bytes | Modified Date = 26-06-2003 21:00:00 | Attr = ]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 19-11-2004 17:41:20 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr = ]
lxbucoms.exe -> %System32%\lxbucoms.exe -> Lexmark International, Inc. [Ver = 1.101.39.0 | Size = 450560 bytes | Modified Date = 23-09-2004 18:58:02 | Attr = ]
lxbumon.exe -> %ProgramFiles%\Lexmark 6200 Series\lxbumon.exE -> Lexmark International, Inc. [Ver = 1.198.0.0 | Size = 188416 bytes | Modified Date = 22-09-2004 11:41:02 | Attr = ]
mreg.exe -> %System32%\MREG.EXE -> Ementor Danmark A/S [Ver = 9.02.0001 | Size = 36864 bytes | Modified Date = 14-03-2005 10:04:46 | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.446 | Size = 237623 bytes | Modified Date = 23-11-2004 15:50:00 | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\Navapsvc.exe -> Symantec Corporation [Ver = 9.00.1104 | Size = 116336 bytes | Modified Date = 19-08-2002 22:35:38 | Attr = ]
nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 0, 0, 3007 | Size = 118784 bytes | Modified Date = 05-02-2004 14:28:16 | Attr = ]
nprotect.exe -> %ProgramFiles%\Norton AntiVirus\AdvTools\NPROTECT.EXE -> Symantec Corporation [Ver = 16.00.0.22 | Size = 135168 bytes | Modified Date = 14-08-2002 06:03:00 | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 4.3 | Size = 40960 bytes | Modified Date = 03-12-2002 05:51:42 | Attr = ]
qconsvc.exe -> %System32%\QCONSVC.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 73728 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
qctray.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCTRAY.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 708608 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
qcwlicon.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 81920 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 12-12-2004 11:54:06 | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 22-09-2004 19:00:00 | Attr = ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002 15:50:10 | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 0, 2, 4 | Size = 860160 bytes | Modified Date = 06-08-2004 08:27:56 | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 5, 0, 1, 57 | Size = 1368064 bytes | Modified Date = 01-04-2004 10:52:06 | Attr = ]
srvany.exe -> %System32%\SRVANY.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 19-11-2004 17:39:44 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 19-11-2004 17:41:46 | Attr = ]
syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 19-11-2004 17:41:46 | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 08-08-2003 00:57:52 | Attr = ]
tpkmpsvc.exe -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 11-07-2003 18:19:22 | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 23-06-2003 16:34:18 | Attr = ]
tpscrex.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe -> IBM Corporation [Ver = 1.06 | Size = 65536 bytes | Modified Date = 11-01-2002 00:01:34 | Attr = ]
tpshocks.exe -> %System32%\TpShocks.exe -> [Ver = | Size = 102400 bytes | Modified Date = 28-01-2004 16:43:56 | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> [Ver = | Size = 24576 bytes | Modified Date = 03-12-2002 05:51:44 | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.446 | Size = 139320 bytes | Modified Date = 23-11-2004 15:50:00 | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1002 | Size = 29184 bytes | Modified Date = 22-08-2005 19:00:00 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12-02-2007 21:39:14 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 397312 bytes | Modified Date = 19-11-2004 17:40:42 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 1.00.37 | Size = 308936 bytes | Modified Date = 08-08-2002 22:40:02 | Attr = ]
(ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 1.00.104 | Size = 63176 bytes | Modified Date = 19-08-2002 22:23:32 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 26-08-2004 16:53:50 | Attr = ]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 19-11-2004 17:41:20 | Attr = ]
(lxbu_device) lxbu_device [Win32_Own | On_Demand | Running] -> %System32%\lxbucoms.exe -> Lexmark International, Inc. [Ver = 1.101.39.0 | Size = 450560 bytes | Modified Date = 23-09-2004 18:58:02 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.446 | Size = 102463 bytes | Modified Date = 23-11-2004 15:50:00 | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.1002 | Size = 29184 bytes | Modified Date = 22-08-2005 19:00:00 | Attr = ]
(MHardwareScan) M·HardwareScan Service [Win32_Own | Auto | Stopped] -> %System32%\MHardwareScan.exe -> Ementor Danmark A/S [Ver = 9.02.0386 | Size = 442368 bytes | Modified Date = 21-02-2005 14:12:36 | Attr = ]
(Microsoft IE Updater) ieupdater [Win32_Own | Auto | Stopped] -> %SystemDrive%\Documents and Settings\Bruger\~tmp0374.exe -> File not found
(MReg) MReg [Win32_Own | Auto | Running] -> %System32%\SRVANY.EXE -> [Ver = | Size = 13312 bytes | Modified Date = 19-11-2004 17:39:44 | Attr = ]
(MSoftwareScan) M·SoftwareScan [Win32_Own | On_Demand | Stopped] -> %System32%\MSoftwareScan.exe -> Ementor Danmark A/S [Ver = 9.02.1089 | Size = 286720 bytes | Modified Date = 14-03-2005 12:11:00 | Attr = ]
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\Navapsvc.exe -> Symantec Corporation [Ver = 9.00.1104 | Size = 116336 bytes | Modified Date = 19-08-2002 22:35:38 | Attr = ]
(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\AdvTools\NPROTECT.EXE -> Symantec Corporation [Ver = 16.00.0.22 | Size = 135168 bytes | Modified Date = 14-08-2002 06:03:00 | Attr = ]
(QCONSVC) QCONSVC [Win32_Own | Auto | Running] -> %System32%\QCONSVC.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 73728 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
(r_server) Remote Administrator Service [Win32_Own | Auto | Stopped] -> %System32%\r_server.exe -> [Ver = | Size = 241664 bytes | Modified Date = 21-08-2001 09:37:30 | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 13-08-2001 23:18:36 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005 11:17:22 | Attr = ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002 15:50:10 | Attr = ]
(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %System32%\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 11-07-2003 18:19:22 | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> [Ver = | Size = 24576 bytes | Modified Date = 03-12-2002 05:51:44 | Attr = ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.4 | Size = 116176 bytes | Modified Date = 19-11-2004 17:40:26 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(ANC) ANC [Kernel | System | Running] -> %System32%\drivers\ANC.sys -> IBM Corp. [Ver = 8.3 | Size = 11520 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 26-08-2004 16:48:14 | Attr = ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 26-08-2004 16:49:40 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 26-08-2004 16:49:40 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e1000325.sys -> Intel Corporation [Ver = 8.0.57.0 built by: WinDDK | Size = 169984 bytes | Modified Date = 19-11-2004 17:41:50 | Attr = ]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Stopped] -> %System32%\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.448 | Size = 8448 bytes | Modified Date = 22-08-2005 19:00:00 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 | Size = 197888 bytes | Modified Date = 19-11-2004 17:41:00 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 | Size = 1041152 bytes | Modified Date = 19-11-2004 17:41:04 | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %System32%\drivers\ibmpmdrv.sys -> IBM Corp. [Ver = 1.26 | Size = 11344 bytes | Modified Date = 19-11-2004 17:41:20 | Attr = ]
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %System32%\drivers\IBMBLDID.SYS -> [Ver = | Size = 2432 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(KLOGNT) KLOGNT [Kernel | On_Demand | Running] -> %System32%\drivers\klognt.sys -> [Ver = | Size = 23272 bytes | Modified Date = 03-12-2002 05:51:42 | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Modified Date = 03-08-2004 21:41:56 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Stopped] -> %System32%\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.309 | Size = 114624 bytes | Modified Date = 22-08-2005 19:00:00 | Attr = ]
(NaiAvFilter102) NAI Anti Virus [File_System | On_Demand | Stopped] -> NaiAvFilter102.sys -> File not found
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %System32%\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.301 | Size = 58464 bytes | Modified Date = 22-08-2005 19:00:00 | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070214.020\NAVENG.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 80472 bytes | Modified Date = 14-02-2007 10:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070214.020\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.1.1.10 | Size = 852600 bytes | Modified Date = 14-02-2007 10:00:00 | Attr = ]
(NPDriver) Norton Unerase Protection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NPDRIVER.SYS -> Symantec Corporation [Ver = 16.00.0.22 | Size = 34578 bytes | Modified Date = 14-08-2002 06:03:00 | Attr = ]
(NSCIRDA) NSC Infrared enhedsdriver [Kernel | On_Demand | Running] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 03-08-2004 22:00:52 | Attr = ]
(NsTrcNT) NsTrcNT [Kernel | Auto | Running] -> %System32%\drivers\nstrcnt.sys -> [Ver = | Size = 10808 bytes | Modified Date = 03-12-2002 05:51:44 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PMEM) PMEM [Kernel | Auto | Stopped] -> C:\%System32%\drivers\pmemnt.sys -> File not found
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
(QCNDISIF) QCNDISIF [Kernel | On_Demand | Stopped] -> %System32%\drivers\qcndisif.sys -> IBM Corporation. [Ver = 1. 0. 0. 0 | Size = 12288 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(SAVRT) SAVRT [Kernel | On_Demand | Running] -> %System32%\drivers\savrt.sys -> Symantec Corporation [Ver = 9.0.1.35 | Size = 235184 bytes | Modified Date = 25-07-2002 22:28:48 | Attr = ]
(SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> %System32%\drivers\Savrtpel.sys -> Symantec Corporation [Ver = 9.0.1.35 | Size = 34992 bytes | Modified Date = 25-07-2002 22:28:54 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
(ShockMgr) ShockMgr [Kernel | Auto | Running] -> %System32%\drivers\ShockMgr.sys -> IBM Corporation [Ver = 1.20.00 | Size = 4433 bytes | Modified Date = 15-12-2003 17:29:10 | Attr = ]
(Shockprf) Shockprf [Kernel | Boot | Running] -> %System32%\drivers\shockprf.sys -> IBM Corporation [Ver = 1.20.00 | Size = 58568 bytes | Modified Date = 17-12-2003 13:50:10 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5160 | Size = 266880 bytes | Modified Date = 23-06-2004 10:42:46 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 15-09-2006 22:52:12 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 05-04-2005 11:17:00 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 05-04-2005 11:17:02 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 270928 bytes | Modified Date = 19-11-2004 17:41:34 | Attr = ]
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %System32%\drivers\TDSMAPI.SYS -> [Ver = | Size = 8831 bytes | Modified Date = 24-10-2003 09:35:00 | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %System32%\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 16162 bytes | Modified Date = 23-06-2003 16:33:58 | Attr = ]
(TPPWR) TPPWR [Kernel | System | Running] -> %System32%\drivers\TPPWR.SYS -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 15360 bytes | Modified Date = 05-02-2004 00:36:00 | Attr = ]
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %System32%\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 18-12-2003 10:30:00 | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(w22n51) Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w22n51.sys -> Intel® Corporation [Ver = 8010-25 Driver | Size = 3148672 bytes | Modified Date = 19-11-2004 17:41:20 | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.02.00 built by: WinDDK | Size = 675840 bytes | Modified Date = 19-11-2004 17:41:02 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 15-02-2007 07:29:20 | Attr = ]
Adaware -> %ProgramFiles%\Norman\Norman~1\ad-aware.exe /smart +prefs:G:\Ad-Aware\settings.awc -> File not found
Advanced Tools Check -> %ProgramFiles%\Norton AntiVirus\AdvTools\AdvChk.exe -> Symantec Corporation [Ver = 8.00.61 | Size = 79480 bytes | Modified Date = 26-08-2002 22:35:06 | Attr = ]
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 19-11-2004 17:40:42 | Attr = ]
BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL [RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor] -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 106496 bytes | Modified Date = 05-02-2004 00:36:00 | Attr = ]
BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 05-02-2004 00:36:00 | Attr = ]
BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL [rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor] -> [Ver = | Size = 395264 bytes | Modified Date = 05-02-2004 00:36:00 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.00.104 | Size = 50880 bytes | Modified Date = 19-08-2002 22:22:38 | Attr = ]
ccRegVfy -> %CommonProgramFiles%\Symantec Shared\ccRegVfy.exe -> Symantec Corporation [Ver = 1.00.104 | Size = 34504 bytes | Modified Date = 19-08-2002 22:23:16 | Attr = ]
EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EzEjMnAp.Exe -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 208896 bytes | Modified Date = 25-12-2003 10:04:00 | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 6200 Series\ezprint.exe -> [Ver = | Size = 61440 bytes | Modified Date = 17-09-2004 14:24:00 | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 22-09-2004 11:18:00 | Attr = ]
HydraVisionDesktopManager -> %ProgramFiles%\ATI Technologies\ATI HYDRAVISION\HydraDM.exe -> ATI Technologies Inc. [Ver = 3.25.0004 | Size = 270336 bytes | Modified Date = 26-06-2003 21:00:00 | Attr = ]
HydraVisionViewport -> %ProgramFiles%\ATI Technologies\ATI HYDRAVISION\HydraMD.exe -> ATI Technologies Inc. [Ver = 3.25.0004 | Size = 364544 bytes | Modified Date = 26-06-2003 21:00:00 | Attr = ]
LXBUCATS -> %System32%\spool\drivers\w32x86\3\lxbutime.dll [rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 69632 bytes | Modified Date = 10-09-2004 12:55:10 | Attr = ]
lxbumon.exe -> %ProgramFiles%\Lexmark 6200 Series\lxbumon.exE -> Lexmark International, Inc. [Ver = 1.198.0.0 | Size = 188416 bytes | Modified Date = 22-09-2004 11:41:02 | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.446 | Size = 139320 bytes | Modified Date = 23-11-2004 15:50:00 | Attr = ]
NPCTray -> %ProgramFiles%\TDCpakke\npc\bin\npc_tray.exe -> File not found
QCTRAY -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCTRAY.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 708608 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
QCWLICON -> %ProgramFiles%\ThinkPad\ConnectUtilities\QCWLICON.EXE -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 81920 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 12-12-2004 11:54:06 | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 22-09-2004 19:00:00 | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 0, 2, 4 | Size = 860160 bytes | Modified Date = 06-08-2004 08:27:56 | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 5, 0, 1, 57 | Size = 1368064 bytes | Modified Date = 01-04-2004 10:52:06 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 15-02-2007 08:19:22 | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 512000 bytes | Modified Date = 19-11-2004 17:41:46 | Attr = ]
SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.12 16Jun04 | Size = 110592 bytes | Modified Date = 19-11-2004 17:41:46 | Attr = ]
TP4EX -> %System32%\TP4EX.exe -> IBM Corporation [Ver = 1.05.00 | Size = 53248 bytes | Modified Date = 04-09-2002 01:05:00 | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 08-08-2003 00:57:52 | Attr = ]
TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe -> IBM Corp. [Ver = 1, 1, 0, 0 | Size = 897024 bytes | Modified Date = 23-10-2003 23:39:22 | Attr = ]
TpShocks -> %System32%\TpShocks.exe -> [Ver = | Size = 102400 bytes | Modified Date = 28-01-2004 16:43:56 | Attr = ]
UC_SMB -> -> File not found
UC_Start -> %ProgramFiles%\IBM\Updater\ucstartup.exe -> [Ver = | Size = 36864 bytes | Modified Date = 30-09-2003 15:39:00 | Attr = ]
UserFaultCheck -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Common Startup > -> C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
%AllUsersStartup%\Adobe Reader Hurtigstart.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14-12-2004 03:44:06 | Attr = ]
%AllUsersStartup%\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 0, 0, 3007 | Size = 118784 bytes | Modified Date = 05-02-2004 14:28:16 | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINNT\System32\Rundll32.exe C:\WINNT\System32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINNT\INF\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 19-11-2004 17:40:42 | Attr = ]
QConGina -> %System32%\QConGina.dll -> IBM Corp. [Ver = 3, 3, 0, 0 | Size = 258048 bytes | Modified Date = 18-08-2004 03:30:00 | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 181 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\user32.dll -> C:\Programmer\Video ActiveX Object\isamntr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\rare -> C:\Programmer\Video ActiveX Object\pmsnrr.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< HOSTS File > (723 bytes) -> C:\WINNT\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [CNavExtBho Class] -> Symantec Corporation [Ver = 9.00.68 | Size = 112248 bytes | Modified Date = 26-08-2002 22:36:28 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 9.00.68 | Size = 112248 bytes | Modified Date = 26-08-2002 22:36:28 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Norton AntiVirus] -> Symantec Corporation [Ver = 9.00.68 | Size = 112248 bytes | Modified Date = 26-08-2002 22:36:28 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09-11-2006 15:21:54 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09-11-2006 15:21:52 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 15-02-2007 07:29:18 | Attr = ]
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.00.68 | Size = 112248 bytes | Modified Date = 26-08-2002 22:36:28 | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 22-09-2004 19:00:00 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 15-02-2007 07:29:18 | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 22-09-2004 19:00:00 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVShExt.dll [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 9.00.68 | Size = 112248 bytes | Modified Date = 26-08-2002 22:36:28 | Attr = ]
{cda2863e-2497-4c49-9b89-06840e070a87} [HKLM] -> %ProgramFiles%\Network Associates\VirusScan\shext.dll [VirusScan] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Modified Date = 22-09-2004 19:00:00 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 01:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{11D46EB8-59E8-4EAB-A388-CDE6CF512B04} -> (Intel(R) PRO/1000 MT Mobile Connection) ->
{9EA84AE8-A167-41F8-850A-919073A77188} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.1 - CodeBase = http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D8575CE3-3432-4540-88A9-85A1325D3375} -> e-Safekey - CodeBase = https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINNT\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab ->
[Files - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267374592 bytes | Created Date = 02-01-1601 23:00:00 | Attr = HS]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 833 bytes | Created Date = 12-02-2007 13:14:01 | Attr = ]
Norton AntiVirus 2003 Professional Edition.lnk -> %AllUsersDesktop%\Norton AntiVirus 2003 Professional Edition.lnk -> [Ver = | Size = 1897 bytes | Created Date = 12-02-2007 09:50:56 | Attr = ]
rootchk.exe -> %UserDesktop%\rootchk.exe -> [Ver = | Size = 257047 bytes | Created Date = 12-02-2007 13:06:05 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 16-02-2007 07:54:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
_delis32.ini -> %SystemRoot%\_delis32.ini -> [Ver = | Size = 264 bytes | Created Date = 12-02-2007 09:51:09 | Attr = ]
{BEE5DFC8-2772-4BF1-9B45-EE59A39571C1}.dat -> %SystemRoot%\{BEE5DFC8-2772-4BF1-9B45-EE59A39571C1}.dat -> [Ver = | Size = 32 bytes | Created Date = 12-02-2007 09:52:05 | Attr = HS]
31321612ld.exe -> %System32%\31321612ld.exe -> [Ver = | Size = 26280 bytes | Created Date = 07-02-2007 19:31:32 | Attr = ]
365672ld.exe -> %System32%\365672ld.exe -> [Ver = | Size = 11680 bytes | Created Date = 07-02-2007 19:36:56 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
qt-mt335.dll -> %System32%\qt-mt335.dll -> [Ver = | Size = 3489792 bytes | Created Date = 07-02-2007 20:38:03 | Attr = ]
RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Created Date = 07-02-2007 19:11:02 | Attr = ]
RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 25 bytes | Created Date = 07-02-2007 19:11:02 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.6.8.1 | Size = 91904 bytes | Created Date = 12-02-2007 09:50:54 | Attr = ]
SR2.dat -> %System32%\SR2.dat -> [Ver = | Size = 14 bytes | Created Date = 12-02-2007 09:51:49 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 12-02-2007 13:43:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 6586 bytes | Created Date = 12-02-2007 13:44:05 | Attr = ]
update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 128278 bytes | Created Date = 07-02-2007 19:11:05 | Attr = ]
update21677000.exe -> %System32%\update21677000.exe -> [Ver = | Size = 17267 bytes | Created Date = 07-02-2007 19:11:27 | Attr = ]
{E85DE27B-3AD1-49DC-8C7B-729ED7EC83BC}.dat -> %System32%\{E85DE27B-3AD1-49DC-8C7B-729ED7EC83BC}.dat -> [Ver = | Size = 32 bytes | Created Date = 12-02-2007 09:52:05 | Attr = HS]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12-02-2007 13:13:54 | Attr = ]
NPDRIVER.SYS -> %System32%\drivers\NPDRIVER.SYS -> Symantec Corporation [Ver = 16.00.0.22 | Size = 34578 bytes | Created Date = 12-02-2007 09:51:18 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Created Date = 12-02-2007 09:50:54 | Attr = ]
[Files - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267374592 bytes | Modified Date = 16-02-2007 08:08:46 | Attr = HS]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4833360 bytes | Modified Date = 16-02-2007 08:06:04 | Attr = H ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 833 bytes | Modified Date = 12-02-2007 13:14:02 | Attr = ]
Norton AntiVirus 2003 Professional Edition.lnk -> %AllUsersDesktop%\Norton AntiVirus 2003 Professional Edition.lnk -> [Ver = | Size = 1897 bytes | Modified Date = 12-02-2007 10:02:30 | Attr = ]
rootchk.exe -> %UserDesktop%\rootchk.exe -> [Ver = | Size = 257047 bytes | Modified Date = 12-02-2007 13:06:18 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 16-02-2007 07:55:06 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 16-02-2007 08:08:48 | Attr = S]
randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 16-02-2007 08:40:22 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 307 bytes | Modified Date = 16-02-2007 08:15:14 | Attr = ]
_delis32.ini -> %SystemRoot%\_delis32.ini -> [Ver = | Size = 264 bytes | Modified Date = 12-02-2007 09:51:10 | Attr = ]
{BEE5DFC8-2772-4BF1-9B45-EE59A39571C1}.dat -> %SystemRoot%\{BEE5DFC8-2772-4BF1-9B45-EE59A39571C1}.dat -> [Ver = | Size = 32 bytes | Modified Date = 12-02-2007 09:52:06 | Attr = HS]
31321612ld.exe -> %System32%\31321612ld.exe -> [Ver = | Size = 26280 bytes | Modified Date = 07-02-2007 19:32:40 | Attr = ]
365672ld.exe -> %System32%\365672ld.exe -> [Ver = | Size = 11680 bytes | Modified Date = 07-02-2007 19:38:32 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Modified Date = 12-02-2007 13:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
FLC-HJE-HOK2.DELTA -> %System32%\FLC-HJE-HOK2.DELTA -> [Ver = | Size = 1090 bytes | Modified Date = 16-02-2007 08:15:04 | Attr = ]
FLC-HJE-HOK2.HWS -> %System32%\FLC-HJE-HOK2.HWS -> [Ver = | Size = 279383 bytes | Modified Date = 16-02-2007 08:15:04 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 12-02-2007 13:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
RunOnce.tm_ -> %System32%\RunOnce.tm_ -> [Ver = | Size = 14 bytes | Modified Date = 07-02-2007 19:11:04 | Attr = ]
RunOnce.t__ -> %System32%\RunOnce.t__ -> [Ver = | Size = 25 bytes | Modified Date = 07-02-2007 19:17:04 | Attr = ]
SR2.dat -> %System32%\SR2.dat -> [Ver = | Size = 14 bytes | Modified Date = 12-02-2007 09:51:50 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 6586 bytes | Modified Date = 12-02-2007 13:44:06 | Attr = ]
update00822631.exe -> %System32%\update00822631.exe -> [Ver = | Size = 128278 bytes | Modified Date = 07-02-2007 19:11:16 | Attr = ]
update21677000.exe -> %System32%\update21677000.exe -> [Ver = | Size = 17267 bytes | Modified Date = 07-02-2007 19:11:34 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 10-02-2007 09:45:22 | Attr = ]
{E85DE27B-3AD1-49DC-8C7B-729ED7EC83BC}.dat -> %System32%\{E85DE27B-3AD1-49DC-8C7B-729ED7EC83BC}.dat -> [Ver = | Size = 32 bytes | Modified Date = 12-02-2007 09:52:06 | Attr = HS]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rootchk.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\31321612ld.exe -> [Ver = | Size = 26280 bytes | Modified Date = 07-02-2007 19:32:40 | Attr = ]
UPX! , UPX0 , -> %System32%\365672ld.exe -> [Ver = | Size = 11680 bytes | Modified Date = 07-02-2007 19:38:32 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41123 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12-02-2007 13:12:34 | Attr = ]
UPX! , UPX0 , -> %System32%\update00822631.exe -> [Ver = | Size = 128278 bytes | Modified Date = 07-02-2007 19:11:16 | Attr = ]
UpackByDwing , MZKERNEL32.DLL , -> %System32%\update21677000.exe -> [Ver = | Size = 17267 bytes | Modified Date = 07-02-2007 19:11:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 16-09-2002 13:00:00 | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 21:41:38 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03-08-2004 21:41:38 | Attr = ]
< End of report >
Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Unable to stop service ieupdater .
Unable to delete service ieupdater .
File C:\Documents and Settings\Bruger\~tmp0374.exe not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.
[ Extra Files ]
File/Folder C:\Documents and Settings\All Users\Dokumenter\Settings\partnership.dll not found.
LoadLibrary failed for C:\WINNT\system32\rpcc.dll
C:\WINNT\system32\rpcc.dll NOT unregistered.
File move failed. C:\WINNT\system32\rpcc.dll scheduled to be moved on reboot.
[ Extra Registry Entries ]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F} deleted successfully.
Registry value deletion failed for HKEY_LOCAL_MACHINE\\\ .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8A5849C4-93F3-429D-FF34-660A2068897C} deleted successfully.
< End of log >
Created on 02-16-2007 08:04:28