youtubelink from me!!!

Having software/hardware problems? Get help here!

Post by [Aliens]Baal-Sebub » Mon Sep 29, 2008 8:02 pm

dqucqp.dll
not found

Malwarebytes Anti-Malware log 2008-09.28
dqucqp.dll, it's deleted

Malwarebytes' Anti-Malware 1.28
Databasversion: 1168
Windows 5.1.2600 Service Pack 3

2008-09-18 18:36:36
mbam-log-2008-09-18 (18-36-36).txt

Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 104473
Förfluten tid: 28 minute(s), 53 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 12
Infekterade registervärden: 4
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 8

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\atfcmmaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dqucqp.dll (Trojan.Vundo) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149f11bc-d5bf-4491-b94e-c72fb081f35d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwmkaa (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{149f11bc-d5bf-4491-b94e-c72fb081f35d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc52b605-7b07-4fbf-8301-8e3185905160} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fc52b605-7b07-4fbf-8301-8e3185905160} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8814c2a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurf6.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\tuvWmKaA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqucqp.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\atfcmmaw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wammcfta.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egqigeyf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Βεελζεβουλ

Post by [Aliens]acer » Mon Sep 29, 2008 8:38 pm

Here u go. Some reading 4 u :P :magball:

info.txt logfile of random's system information tool 1.02 2008-09-29 22:40:10

======Uninstall list======

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BBC Byggare Bob-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D3A4F50-B820-4A2D-8F6F-6514710B3BB9}\setup.exe"
Björne-->C:\Windows\unvise32.exe C:\Program Files\Björne\uninstal.log
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}
CoD RconTool 9.1-->C:\Program Files\CoD RconTool\Uninstal.exe
DEVIL MAY CRY 4 BENCHMARK-->MsiExec.exe /I{B824BEEF-262B-4B48-9984-D0C6B43C40DD}
Disneys Extremt Långbenta Skateboarding-->C:\Windows\IsUn041d.exe -fc:\BARNEN~1\DeIsL1.isu
Dr. Brain: Action Reaction-->C:\Windows\IsUn041d.exe -f"C:\Program Files\Levande\DBACTREA\DeIsL1.isu"
Drome Racers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x1d
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1053
Fem myror är fler än fyra elefanter-->C:\Genius\FEMMYR~1\UNWISE.EXE C:\Genius\FEMMYR~1\INSTALL.LOG
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)-->C:\Windows\system32\unwlsdrv.exe SiS163u
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kalle Kunskap LEKSTUGA-->C:\Program Files\Mindscape\Kalle Kunskap LEKSTUGA\uninstall.exe
LeapFTP 3.0-->"C:\Program Files\LeapFTP 3.0\unins000.exe"
Lotus 1-2-3 97-->C:\Windows\lunin10.exe /T 123Suite /V 97.0 /I "c:\lotus\minisuit.inf" /C "c:\lotus\cinstall.ini" /O /L SV
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{0002041D-78E1-11D2-B60F-006097C998E7}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017041D-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{8BA42EAE-19AD-4BF2-88C0-0232B1FBFDE2}
ModernRcon v0.5-->C:\Program Files\ModernRcon\Uninstal.exe
ModernRcon v0.6-->C:\Program Files\ModernRcon\Uninstal.exe
ModernRcon v0.7-->C:\Program Files\ModernRcon\Uninstal.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Namo WebEditor 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3FA287-2622-4340-AAF6-0AD29F21A691}\setup.exe" -l0x9
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571053}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia PC Suite-->C:\ProgramData\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_swe.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Pinnacle PCTV MCE (OEM Europe)-->MsiExec.exe /X{08FC7F83-69F9-4A87-9E79-32265E047375}
rayman2-->C:\Windows\UbiSoft\SetupUbi.exe -uninstall rayman2
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Telia Säker Surf-->"C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\PostInstall.exe" /tUnInstall
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Driver Package - Philips Pinnacle Systems PCTV 3010ix, 7010ix (10/27/2006 1.0.3.3)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctv716x.inf_38c010dc\pctv716x.inf
Windows Driver Package - Pinnacle Systems PCTV 100e/320e Audio (01/29/2007 5.7.0129.0)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctvempa.inf_04079692\pctvempa.inf
Windows Driver Package - Pinnacle Systems PCTV 100i,110i,300i,310i, MCE (11/22/2006 1.3.3.5)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctv713xi.inf_1f75d240\pctv713xi.inf
Windows Driver Package - Pinnacle Systems PCTV 70e/100e/160e/170e/320e/330e/800e (01/29/2007 5.7.0129.0)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctvempv.inf_55242ca7\pctvempv.inf
Windows Driver Package - Pinnacle Systems PCTV 71e (09/28/2006 6.9.28.4)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\af15bda.inf_a6f383a0\af15bda.inf
Windows Driver Package - Pinnacle Systems Pinnacle Systems PCTV 310c (06/02/2006 3.0.1.1)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctv310cav.inf_eb9f3f58\pctv310cav.inf
Windows Driver Package - Pinnacle Systems Pinnacle Systems PCTV 310c (06/02/2006 3.0.1.1)-->rundll32.exe C:\PROGRA~1\DIFX\4A46D8A01D3E2287\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\pctv310ctv.inf_ae7fa3fd\pctv310ctv.inf
Windows Driver Package - Silicon Integrated Systems Corp.(1.11.03) (SIS163u) Net (05/07/2007 6.0.1039.1110)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\sis163u.inf_772b6d29\sis163u.inf
Windows Live inloggningsassistenten-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Mail-->MsiExec.exe /I{7664A2EF-34F5-42D2-8FD8-4FEF0047A929}
Windows Live Messenger-->MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows-drivrutinspaket - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_51d2d3e1\pccs_bluetooth.inf
Windows-drivrutinspaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows-drivrutinspaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows-drivrutinspaket - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_e5643fdd\nokbtmdm.inf
Windows-drivrutinspaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: Telia Säker Surf 7.03
FW: Telia Säker Surf 7.03
AS: Windows Defender
AS: Telia Säker Surf 7.03

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------
AND

Logfile of random's system information tool 1.02 (written by random/random)
Run by fsc at 2008-09-29 22:40:07
Microsoft® Windows Vista™ Home Premium
System drive C: has 87 GB (57%) free of 152 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:09, on 2008-09-29
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\notepad.exe
C:\Users\fsc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6ZXJ1EF\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\fsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliens.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LeapFTP Internet Explorer Hook - {A5479DA1-7843-43A7-B5C0-BE342C77B629} - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Windows\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 8312 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Länkhjälp till Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5479DA1-7843-43A7-B5C0-BE342C77B629}]
LeapFTP Internet Explorer Hook - C:\PROGRA~1\LEAPFT~1.0\lftpie.dll [2008-07-14 90888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-19 2411584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-19 2411584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-12 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"F-Secure Manager"=C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE [2008-01-22 182936]
"F-Secure TNB"=C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe [2008-01-22 739936]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=C:\Windows\system32\qttask.exe [2008-02-29 98304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-02-19 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-02-19 171448]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Users\fsc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\LeapFTP 3.0\LeapFTP.exe"="C:\Program Files\LeapFTP 3.0\LeapFTP.exe:*:Enabled:LeapFTP 3.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27797402-df1e-11dc-a7b7-806e6f6e6963}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{725c9545-d03e-11dc-be4a-806e6f6e6963}]
shell\AutoRun\command - F:\Autorun.exe


======List of files/folders created in the last 1 months======

2008-09-29 22:40:07 ----D---- C:\rsit
2008-09-29 18:30:24 ----D---- C:\Program Files\Trend Micro
2008-09-28 10:11:38 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-09-28 10:11:37 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-09-28 10:11:37 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-09-28 10:11:36 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-09-28 10:11:36 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-09-28 10:11:34 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-09-28 10:11:34 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-09-28 10:11:33 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-09-28 10:11:33 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-09-28 10:11:32 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-09-28 10:11:31 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-09-28 10:11:30 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-09-28 10:11:30 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-09-28 10:11:29 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-09-28 10:11:28 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-09-28 10:11:28 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-09-28 10:08:56 ----D---- C:\Program Files\CAPCOM
2008-09-27 17:27:08 ----D---- C:\Users\fsc\AppData\Roaming\PeerNetworking
2008-09-18 08:31:14 ----A---- C:\Windows\system32\wups2.dll
2008-09-18 08:31:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-09-18 08:31:11 ----A---- C:\Windows\system32\wucltux.dll
2008-09-18 08:31:08 ----A---- C:\Windows\system32\wuaueng.dll
2008-09-18 08:30:27 ----A---- C:\Windows\system32\wups.dll
2008-09-18 08:30:27 ----A---- C:\Windows\system32\wudriver.dll
2008-09-18 08:30:26 ----A---- C:\Windows\system32\wuapi.dll
2008-09-18 08:30:14 ----A---- C:\Windows\system32\wuwebv.dll
2008-09-18 08:30:14 ----A---- C:\Windows\system32\wuapp.exe
2008-09-16 10:31:21 ----D---- C:\Windows\system32\Adobe
2008-09-11 09:15:50 ----A---- C:\Windows\system32\WINGDE.DLL
2008-09-11 09:15:50 ----A---- C:\Windows\system32\WING32.DLL
2008-09-11 09:15:49 ----A---- C:\Windows\system32\WING.DLL
2008-09-11 09:15:38 ----D---- C:\Program Files\Mindscape
2008-09-11 09:13:08 ----A---- C:\Windows\_delis32.ini
2008-09-11 09:13:04 ----A---- C:\Windows\Setup32.INI
2008-09-11 09:04:55 ----D---- C:\Users\fsc\AppData\Roaming\Microsoft Web Folders
2008-09-09 21:26:09 ----A---- C:\Windows\system32\gameux.dll
2008-09-09 21:26:07 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 21:25:58 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 21:25:54 ----A---- C:\Windows\system32\wmpeffects.dll

======List of files/folders modified in the last 1 months======

2008-09-29 22:40:09 ----D---- C:\Windows\Prefetch
2008-09-29 22:40:02 ----D---- C:\Windows\Temp
2008-09-29 18:30:24 ----RD---- C:\Program Files
2008-09-29 12:14:01 ----SHD---- C:\System Volume Information
2008-09-28 13:19:37 ----D---- C:\Windows\system32\Macromed
2008-09-28 13:19:25 ----D---- C:\Windows\System32
2008-09-28 10:11:39 ----SHD---- C:\Windows\Installer
2008-09-28 10:11:15 ----RSD---- C:\Windows\assembly
2008-09-27 17:25:30 ----D---- C:\Windows\system32\Tasks
2008-09-27 17:21:00 ----SD---- C:\Users\fsc\AppData\Roaming\Microsoft
2008-09-26 23:23:39 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-09-26 13:26:37 ----D---- C:\Program Files\SpeedFan
2008-09-20 13:10:34 ----D---- C:\Windows\system32\catroot2
2008-09-19 13:09:40 ----D---- C:\Windows\rescache
2008-09-19 12:48:24 ----D---- C:\Windows\system32\sv-SE
2008-09-18 20:57:10 ----D---- C:\Windows\winsxs
2008-09-18 08:31:43 ----D---- C:\Windows\system32\catroot
2008-09-16 10:31:26 ----SD---- C:\Windows\Downloaded Program Files
2008-09-14 19:21:37 ----D---- C:\Fraps
2008-09-13 22:50:12 ----D---- C:\Users\fsc\AppData\Roaming\Azureus
2008-09-11 09:15:25 ----D---- C:\Windows
2008-09-11 09:08:23 ----A---- C:\Windows\ODBC.INI
2008-09-11 09:08:12 ----D---- C:\Program Files\Common Files
2008-09-11 09:08:01 ----A---- C:\Windows\win.ini
2008-09-11 09:07:48 ----RSD---- C:\Windows\Fonts
2008-09-11 09:07:22 ----RSD---- C:\Windows\Media
2008-09-11 09:07:08 ----D---- C:\Program Files\Common Files\microsoft shared
2008-09-11 09:06:57 ----D---- C:\Program Files\Common Files\System
2008-09-11 09:06:51 ----D---- C:\Windows\ShellNew
2008-09-11 09:06:19 ----D---- C:\Windows\Help
2008-09-11 09:06:18 ----D---- C:\Windows\MSAgent
2008-09-11 09:04:55 ----D---- C:\Program Files\Microsoft Office
2008-09-11 09:03:29 ----D---- C:\Windows\system
2008-09-10 14:33:56 ----D---- C:\Windows\AppPatch
2008-09-09 21:34:41 ----D---- C:\Program Files\Microsoft Works
2008-09-09 21:34:40 ----D---- C:\Windows\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Telia\Telias sakerhetstjanster\HIPS\fshs.sys [2008-02-18 41184]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-01-22 34752]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-03-17 60064]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsvista.sys [2008-01-22 12896]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2008-01-22 62048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 218624]
R3 usbscan;Drivrutin för USB-skanner; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-06-12 82688]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 3544064]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2006-11-02 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2008-01-22 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2008-01-22 25184]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-04-03 47872]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-29 667648]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe [2008-01-22 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE [2008-01-22 113304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-02-19 66872]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe [2008-01-22 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe [2008-01-22 453216]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-11 72704]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
[Aliens]acer
2nd Lieutenant
Posts: 879
Joined: Mon Feb 04, 2008 7:05 pm
Location: Sweden, Vetlanda

Postby [Aliens]kronenbourg » Mon Sep 29, 2008 10:01 pm

Baal-Sebub, 1st computer


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]kronenbourg » Mon Sep 29, 2008 10:01 pm

Thanks Ace, will be tomorrow. Baal, I'll do the other PCs tomorrow, as it's computer support night for me :P

[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 5:43 pm

Baal's computer 1


ComboFix 08-09-28.05 - Mats 2008-09-30 19:27:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.530 [GMT 2:00]
Running from: C:\Documents and Settings\Mats\Skrivbord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mats\Application Data\inst.exe
C:\Documents and Settings\Mats\Cookies\mats@clicktorrent[2].txt
C:\WINDOWS\admintxt.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ftdiutlq.ini
C:\WINDOWS\system32\krlygdtx.ini
C:\WINDOWS\system32\rwdvcbje.ini
C:\WINDOWS\system32\UFgOUvut.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-19 20:58 . 2008-09-19 21:00 <KAT> d-------- C:\Program\Unlocker
2008-09-19 20:58 . 2008-09-28 20:08 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\Desktopicon
2008-09-19 20:17 . 2008-09-19 20:17 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\Uniblue
2008-09-19 20:06 . 2008-09-19 20:06 <KAT> d-------- C:\Program\Trend Micro
2008-09-18 17:45 . 2008-09-18 17:45 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware
2008-09-18 17:45 . 2008-09-18 17:45 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\Malwarebytes
2008-09-18 17:45 . 2008-09-18 17:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-18 17:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-18 17:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 23:17 . 2008-09-17 23:17 <KAT> d-------- C:\Program\SUPERAntiSpyware
2008-09-17 23:17 . 2008-09-17 23:17 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\SUPERAntiSpyware.com
2008-09-17 23:17 . 2008-09-17 23:17 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-17 23:16 . 2008-09-17 23:16 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-17 21:03 . 2008-09-29 19:29 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-16 17:22 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-16 17:22 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-16 17:22 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-15 22:56 . 2008-09-15 22:56 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-09-15 22:42 . 2008-09-16 17:22 <KAT> d-------- C:\Program\Norton Internet Security
2008-09-15 22:41 . 2008-09-15 22:57 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-15 22:41 . 2008-09-15 22:57 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-15 22:41 . 2008-09-15 22:57 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-15 22:41 . 2008-09-15 22:57 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-15 22:31 . 2008-09-15 22:31 13,224 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-09-15 22:31 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-09-15 21:58 . 2008-09-15 21:58 <KAT> dr------- C:\Documents and Settings\NetworkService\Favoriter
2008-09-15 21:56 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-15 21:55 . 2008-09-15 21:55 <KAT> d-------- C:\WINDOWS\Logs
2008-09-15 18:27 . 2008-09-15 18:27 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2
2008-09-14 23:10 . 2008-09-14 23:10 0 --a------ C:\WINDOWS\vpc32.INI
2008-09-14 20:26 . 2008-09-14 20:26 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\Symantec
2008-09-14 20:23 . 2008-09-15 22:57 <KAT> d-------- C:\Program\Symantec
2008-09-14 20:23 . 2008-09-30 19:21 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-14 17:39 . 2008-09-15 17:42 362,249 --ahs---- C:\WINDOWS\system32\UFgOUvut.ini2
2008-09-13 20:58 . 2008-09-13 20:58 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\SPORE
2008-09-13 20:44 . 2008-09-13 20:44 1,194 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-13 20:11 . 2008-09-13 20:11 <KAT> d-------- C:\Program\Electronic Arts
2008-09-12 21:43 . 2008-09-15 17:16 <KAT> d-------- C:\Program\MMC
2008-09-12 20:29 . 2003-01-30 14:32 36,864 --------- C:\WINDOWS\system32\KmRemove.exe
2008-09-12 20:05 . 2008-09-12 20:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-09-09 18:12 . 2008-09-09 18:12 <KAT> d-------- C:\Program\Lantm„teriet
2008-09-06 18:44 . 2008-09-06 18:44 <KAT> d-------- C:\MagellanDrivers
2008-09-06 18:35 . 2003-03-02 19:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
2008-09-06 18:35 . 2003-04-19 02:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
2008-09-06 18:34 . 2008-09-06 18:44 <KAT> d-------- C:\Program\Magellan
2008-09-05 22:41 . 2008-09-10 18:52 <KAT> d-------- C:\Program\ACLTWIN
2008-09-05 22:23 . 2008-09-05 22:23 <KAT> d-------- C:\Documents and Settings\Mats\WINDOWS
2008-09-05 22:23 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-09-05 21:39 . 2004-08-20 15:56 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-09-05 21:30 . 2008-09-05 21:30 <KAT> d-------- C:\Program\COMPAQ
2008-09-03 19:46 . 2008-09-03 19:49 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-09-03 19:46 . 2008-09-03 19:50 70,440 --a------ C:\WINDOWS\War3Unin.dat
2008-09-03 19:46 . 2008-09-03 19:49 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-09-03 19:45 . 2008-09-28 10:59 <KAT> d-------- C:\Program\Warcraft III
2008-09-02 18:54 . 2008-09-02 18:54 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\Windows Search
2008-09-02 18:50 . 2008-09-02 18:50 268 --ah----- C:\sqmdata02.sqm
2008-09-02 18:50 . 2008-09-02 18:50 244 --ah----- C:\sqmnoopt02.sqm
2008-08-16 17:28 . 2008-08-16 17:28 <KAT> d-------- C:\Documents and Settings\Mats\Application Data\vlc
2008-08-16 17:27 . 2008-08-16 17:27 <KAT> d-------- C:\Program\VideoLAN
2008-08-14 13:08 . 2008-08-14 13:08 <KAT> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-14 13:08 . 2008-09-19 20:49 <KAT> d-------- C:\Program\Windows Desktop Search
2008-08-14 13:08 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-14 13:08 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-14 13:08 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-14 13:07 . 2008-07-22 17:06 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-14 13:07 . 2008-07-22 17:06 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-14 13:07 . 2008-07-22 17:06 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-14 12:19 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 12:18 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-03 00:11 . 2008-08-03 00:11 268 --ah----- C:\sqmdata01.sqm
2008-08-03 00:11 . 2008-08-03 00:11 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 17:25 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-09-28 20:51 --------- d-----w C:\Documents and Settings\Mats\Application Data\uTorrent
2008-09-28 16:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-27 00:22 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-09-15 15:41 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-15 15:39 --------- d-----w C:\Program\CyberLink
2008-09-13 18:44 --------- d-----w C:\Program\Delade filer\InstallShield
2008-09-11 18:54 --------- d-----w C:\Documents and Settings\Mats\Application Data\DivX
2008-09-11 18:45 --------- d-----w C:\Program\DivX
2008-09-10 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 16:12 --------- d-----w C:\Program\Lantmäteriet
2008-09-05 20:48 139 ----a-w C:\Program\INSTALL.LOG
2008-09-02 16:55 --------- d-----w C:\Program\Microsoft Silverlight
2008-08-16 15:28 --------- d-----w C:\Documents and Settings\Mats\Application Data\vlc
2008-08-14 10:35 --------- d-----w C:\Program\Java
2008-07-13 09:07 23 ----a-w C:\Documents and Settings\Mats\jagex_runescape_preferences.dat
2008-04-19 22:06 47,360 ----a-w C:\Documents and Settings\Mats\Application Data\pcouffin.sys
2008-04-19 13:15 497,976 ----a-w C:\Program\dl.php
2008-05-15 19:43 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008051520080516\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PWRISOVM.EXE"="C:\Program\PowerISO\PWRISOVM.EXE" [2006-12-25 200704]
"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Program\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 118784]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"SetRefresh"="C:\Program\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 118784]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dqucqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\uTorrent\\uTorrent.exe"=

R2 DSMCService;PAUService;C:\Program\SHARP\DSMC\bin\DSMCService.exe [2007-04-20 241724]
R2 MSSQL$DSMC;SQL Server (DSMC);C:\Program\SHARP\DSMC\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S2 RPCH;Remote Procedure Call (HPM);C:\Program\NetMeeting\nmwb.exe [2007-08-25 454656]
S2 RPCHE;Remote Procedure Call (RPCE);C:\Program\NetMeeting\Winlog.exe [2008-09-27 457216]
S3 cpuz129;cpuz129;C:\DOCUME~1\Mats\LOKALA~1\Temp\cpuz_x32.sys [ ]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program\Uniblue\RegistryBooster\RegistryBooster.exe
ShellExecuteHooks-{004DD816-D7A2-456A-AE04-EB9ABF822FE4} - C:\WINDOWS\TEMP\Down(0)ow.dll
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/webhp?sourceid=na ... v&ie=UTF-8
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
O8 -: E&xportera till Microsoft Excel - C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 19:32:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\Program\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\snmptrap.exe
.
**************************************************************************
.
Completion time: 2008-09-30 19:36:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-30 17:36:02

Pre-Run: 39 547 138 048 byte ledigt
Post-Run: 39,641,903,104 byte ledigt

212 --- E O F --- 2008-09-15 16:27:11
Last edited by [Aliens]Baal-Sebub on Tue Sep 30, 2008 7:39 pm, edited 1 time in total.
Βεελζεβουλ
[Aliens]Baal-Sebub
Staff Sergeant
Posts: 185
Joined: Wed Oct 18, 2006 5:01 pm
Location: Borlänge Sweden

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 5:52 pm

Baal's computer 1



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:39, on 2008-09-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\SHARP\DSMC\bin\DSMCService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\PowerISO\PWRISOVM.EXE
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\CyberLink\Shared Files\RichVideo.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\snmptrap.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Program\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8647732062
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: dqucqp.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: PAUService (DSMCService) - Unknown owner - C:\Program\SHARP\DSMC\bin\DSMCService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8590 bytes
Last edited by [Aliens]Baal-Sebub on Tue Sep 30, 2008 7:40 pm, edited 1 time in total.
Βεελζεβουλ
[Aliens]Baal-Sebub
Staff Sergeant
Posts: 185
Joined: Wed Oct 18, 2006 5:01 pm
Location: Borlänge Sweden

Postby [Aliens]kronenbourg » Tue Sep 30, 2008 6:33 pm

Baal's computer 2

Not much showing, but just to be sure, let's have a look at an RSIT log:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]kronenbourg » Tue Sep 30, 2008 6:48 pm

Baal's computer 3

Even better than the other two, all clear on this one 8)
[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]kronenbourg » Tue Sep 30, 2008 7:04 pm

Ace's computer

Re-open HiJackThis and choose "Do a system scan only". Check the box next to each entry listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Now close all windows other than HiJackThis, then click Fix Checked. Reboot.

Then....



  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java:
      • Java(TM) 6 Update 3
      • Java(TM) 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.



You should be left with Java(TM) 6 Update 7


-------


Post a fresh Hijackthis log
[Aliens]kronenbourg
Lieutenant General
Posts: 4665
Joined: Thu Oct 19, 2006 7:20 am
Location: Bradford, England

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 7:43 pm

Baal's computer 2



info.txt logfile of random's system information tool 1.04 2008-09-30 21:38:44

======Uninstall list======

-->msiexec /package {90120000-0015-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-0019-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001A-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-0044-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-006E-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-00A1-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->msiexec /package {90120000-00BA-041D-0000-0000000FF1CE} /uninstall {F65CD3E6-755B-48F0-99BD-06BE14985E2B}
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
1Click DVD Copy Pro 3.0.1.8-->"C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-041D-0000-0000000FF1CE} /uninstall {C41B2E34-C30E-4989-8A9D-6B0805B33EC1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-041D-0000-0000000FF1CE} /uninstall {E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\setup.exe" -l0x9 -removeonly
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\0569ced46d8a4bd43ea5027ac9bf923\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{643898A8-5565-49AC-B2FF-093D7A1F506C}
Adobe Reader 8.1.2 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{3F818569-A3A7-4D5E-AD4A-372C4A03678F}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adventures of Bleeposaurus: Dragonfire-->C:\PROGRA~1\NICKAR~1\ADVENT~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\ADVENT~1\INSTALL.LOG
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Alcohol Toolbar-->"C:\Windows\Alcohol_Toolbar_Uninstaller_1564.exe" _?=C:\Program Files\Alcohol Toolbar
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AquaNox-->C:\PROGRA~1\AquaNox\UNWISE.EXE C:\PROGRA~1\AquaNox\INSTALL.LOG
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\system32\Attansic\L1\atcInst.dll,VisUninst C:\Windows\system32\Attansic\L1 x86 pci\ven_1969&dev_1048
Avatar Bobble Battles-->C:\PROGRA~1\NICKAR~1\AVATAR~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\AVATAR~1\INSTALL.LOG
Avatar: Path of Zuko-->C:\PROGRA~1\NICKAR~1\AVATAR~2\UNWISE.EXE C:\PROGRA~1\NICKAR~1\AVATAR~2\INSTALL.LOG
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BankID säkerhetsprogram 4.9.3-->"C:\Program Files\Personal\bin\persinst.exe" -u
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x1d -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x1d -removeonly
BIONICLE Heroes-->C:\Program Files\InstallShield Installation Information\{09961A16-DA99-4F15-BBE1-E7755A3BA8E3}\setup.exe -runfromtemp -l0x0409
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BOTS-->"C:\Program Files\InstallShield Installation Information\{22D56257-DE33-4C7D-817B-C2DE69FE953C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Canon FAX-L360-->C:\Windows\IsUninst.exe -fC:\Windows\MpUninst.isu -c"C:\Windows\system32\uninstsr.dll
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
CyberLink MediaShow-->"C:\Program Files\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\Setup.exe" /z-uninstall
Danny Phantom Ghost Sweep-->C:\PROGRA~1\NICKAR~1\DANNYP~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\DANNYP~1\INSTALL.LOG
Disc2Phone-->MsiExec.exe /X{4824B59D-B9A4-45F8-8998-6C09C79A3EFB}
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1053
El Tigre: Festival de las Pinatas!-->C:\PROGRA~1\NICKAR~1\ELTIGR~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\ELTIGR~1\INSTALL.LOG
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Euro Truck Simulator-->C:\Program Files\Euro Truck Simulator\Uninstal_EuroTruckSimulator.exe
Fairly OddParents Information Stupor Highway-->C:\PROGRA~1\NICKAR~1\FAIRLY~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\FAIRLY~1\INSTALL.LOG
Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
Feedidentifiering (Windows Live Toolbar)-->MsiExec.exe /X{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}
Football Generation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{623446F8-D2D4-4942-9CA2-9D71ED8B24E9}\setup.exe" -l0x9
Forgotten Hope 2-->C:\Program Files\EA GAMES\Battlefield 2\Mods\FH2\uninst.exe
Fraps-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.7.2-->"C:\Program Files\Free Audio Pack\unins000.exe"
GameShadow-->MsiExec.exe /I{3AE325C5-5B0F-48E5-BAC9-B55C64467681}
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Gotcha!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4BF1D2E7-F003-4AD9-9820-525126BA9038}\Setup.exe" -l0x9
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
Heroes of Annihilated Empires-->"C:\Program Files\HeroesOfAE\unins000.exe"
HijackThis 2.0.2-->"E:\Från gamdatorn\bf2 mina dok\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jimmy Neutron Invention Revenge-->C:\PROGRA~1\NICKAR~1\JIMMYN~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\JIMMYN~1\INSTALL.LOG
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LastChaos-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}\Setup.exe" -l0x9
Lexmark Software Uninstall-->C:\Program Files\Lexmark_HostCD\Install\x86\Uninstall.exe
LIVE gaming on Windows Runtime Version 1.0.6027-->MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Logitech G11 Keyboard Software 1.03-->MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987}
LS-USBMX1/2/3 Steering...-->C:\Program Files\InstallShield Installation Information\{46DAF2A5-590A-437B-BDFD-B594C7C3C53B}\setup.exe -runfromtemp -l0x0009 -removeonly
LucasArts' The Phantom Menace-->C:\Windows\uninst.exe -f"C:\Program Files\LucasArts\The Phantom Menace\DeIsL1.isu"
Mage Knight(TM) Apocalypse-->C:\Program Files\InstallShield Installation Information\{E94FF1F8-E9E7-4A5C-B36A-0B2439EC68CA}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Master of Defense-->"C:\Program Files\Gamenext\Master of Defense\Uninstall.exe" "C:\Program Files\Gamenext\Master of Defense\install.log"
McDonald's Dragons-->C:\Program Files\McDonaldsDragons\uninstall.exe
McDonald's Fairies-->C:\Program Files\McDonaldsFairies\uninstall.exe
Medal of Honor Airborne-->MsiExec.exe /X{25F28E39-FDBB-11DB-8314-0800200C9A66}
Medal of Honor Pacific Assault(tm)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\setup.exe" -l0x9 -removeonly
Microsoft Office Access MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0015-041D-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0016-041D-0000-0000000FF1CE}
Microsoft Office Groove MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00BA-041D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0044-041D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00A1-041D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001A-041D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0018-041D-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Swedish) 2007-->MsiExec.exe /X{90120000-002C-041D-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0019-041D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Swedish) 2007-->MsiExec.exe /X{90120000-006E-041D-0000-0000000FF1CE}
Microsoft Office Word MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001B-041D-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Monopoly - SpongeBob SquarePants Edition-->C:\PROGRA~1\NICKAR~1\MONOPO~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\MONOPO~1\INSTALL.LOG
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need For Speed-->C:\WINDOWS\ISUN041D.EXE -f"C:\Program Files\Electronic Arts\Need For Speed\Uninst.isu" -c"C:\Program Files\Electronic Arts\Need For Speed\uninst.dll" W
Need for Speedâ„¢ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 7 Lite 7.9.6.0-->"C:\Program Files\Nero\unins000.exe"
nLite 1.4.5 beta 2-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PCMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Protected Music Converter 1.0.0.3-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RAPTOR-ADJUST M2 V1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Smarta menyer (Windows Live Toolbar)-->MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Soldier of Fortune Payback-->MsiExec.exe /X{11BFB898-71E5-488A-A8FF-0E462667FB72}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sony Ericsson W800 Software-->C:\Program Files\Sony Ericsson\Sony Ericsson W800\W800Uninstall.exe
SpongeBob Atlantis SquareOff-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SPOREâ„¢-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x001d -removeonly
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Game of Life - SpongeBob SquarePants Edition-->C:\PROGRA~1\NICKAR~1\THEGAM~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\THEGAM~1\INSTALL.LOG
The Neverhood-->C:\Program Files\DreamWorks Interactive\Neverhood\setup95.exe /uninstall
The Settlers III Gold Edition-->C:\Windows\IsUninst.exe -fC:\BlueByte\Settlers3\Uninst.isu -x -c"C:\BlueByte\Settlers3\install\itools.dll"
TPTEST 5.0.1-->"C:\Program Files\TPTEST5\unins000.exe"
TRUST 770Z POWERC@M OPTICAL ZOOM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82EC62C8-F874-4843-A8FC-856B730C165E}\Setup.exe" -l0x9
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live inloggningsassistenten-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger-->MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar-->MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows ljudscheman-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR -->C:\Program Files\WinRAR\uninstall.exe
Vol-FCR Demo-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Vol-FCR\ST6UNST.LOG"
Woody Woodpecker-->C:\Windows\IsUninst.exe -f"C:\Program Files\Woody Woodpecker\Uninst.isu"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Βεελζεβουλ
[Aliens]Baal-Sebub
Staff Sergeant
Posts: 185
Joined: Wed Oct 18, 2006 5:01 pm
Location: Borlänge Sweden
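The uninstall list in this info.txt shows the same leftover Java versions (Update 3 and Update 5 beside Update 7) that the earlier reply asked to remove on another machine. As an added example, not part of the thread or of RSIT, the script below parses an uninstall list in this `Name-->command` format and reports which Java entries are superseded; the function names are hypothetical and the sample is a short excerpt of the log above.

```python
import re

# Excerpt of the info.txt uninstall list posted above (Name-->uninstall command).
SAMPLE_UNINSTALL_LIST = """\
======Uninstall list======

-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jimmy Neutron Invention Revenge-->C:\\PROGRA~1\\NICKAR~1\\JIMMYN~1\\UNWISE.EXE C:\\PROGRA~1\\NICKAR~1\\JIMMYN~1\\INSTALL.LOG
"""

# Matches the display names Sun used for the runtime, e.g. "Java(TM) 6 Update 7".
# Also accepts the older "J2SE Runtime Environment 5.0 Update N" naming.
JAVA_NAME_RE = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment) "
    r"(?P<major>\d+)(?:\.\d+)?(?: Update (?P<update>\d+))?$"
)


def parse_uninstall_list(text):
    """Return (name, command) pairs; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        # Split on the first "-->" only: the command itself may contain anything.
        name, sep, command = line.partition("-->")
        if not sep or not command.strip():
            continue
        entries.append((name.strip(), command.strip()))
    return entries


def java_versions(entries):
    """Map (major, update) -> (name, command) for every Java runtime entry."""
    found = {}
    for name, command in entries:
        match = JAVA_NAME_RE.match(name)
        if match:
            version = (int(match["major"]), int(match["update"] or 0))
            # A product can be listed twice; keep the first entry per version.
            found.setdefault(version, (name, command))
    return found


def stale_java(entries):
    """Return (newest_name, [(name, command), ...]) for superseded runtimes."""
    found = java_versions(entries)
    if not found:
        return None, []
    newest = max(found)
    stale = [found[v] for v in sorted(found) if v != newest]
    return found[newest][0], stale


if __name__ == "__main__":
    keep, stale = stale_java(parse_uninstall_list(SAMPLE_UNINSTALL_LIST))
    print("Newest installed:", keep)
    for name, command in stale:
        # Report only; removal is done through Add/Remove programs as described.
        print("Superseded:", name, "| registered uninstaller:", command)
```
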

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 7:45 pm

Baal's computer 2


Logfile of random's system information tool 1.04 (written by random/random)
Run by Mats Olsson at 2008-09-30 21:38:36
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 60 GB (20%) free of 305 GB
Total RAM: 3070 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:43, on 2008-09-30
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M2 V1\Panel.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mats Olsson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mats Olsson.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RAPTOR-ADJUST] "C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M2 V1\Panel.exe"
O4 - HKLM\..\Run: [MpsOnn] C:\Windows\system32\spool\DRIVERS\W32X86\3\MpsOnn.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... dsv-se.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Block Level Filtering Service - Unknown owner - C:\Windows\svchost.exe (file missing)
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MarkVision Server (MvServer) - Unknown owner - C:\Windows\system32\lexmvservice.exe
O23 - Service: MarkVision Web Server (MvWebServer) - Unknown owner - C:\Windows\system32\lexwebservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11239 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Länkhjälp till Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-23 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]
Alcohol Toolbar Helper - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-10-12 798720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-23 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-19 2411584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Alcohol Toolbar - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-10-12 798720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-19 2411584]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-23 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"RAPTOR-ADJUST"=C:\Program Files\RAPTOR-GAMING\RAPTOR-ADJUST M2 V1\Panel.exe [2007-03-21 90112]
"MpsOnn"=C:\Windows\system32\spool\DRIVERS\W32X86\3\MpsOnn.exe [2007-05-31 28232]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2006-12-25 200704]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-11 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-29 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-10-19 171448]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BankID säkerhetsprogram.lnk - C:\Program Files\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-10-10 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dfe00b5-78f1-11dc-8a1c-001bfcfc3c67}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{248e5fb0-9612-11dc-8863-806e6f6e6963}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a89a3e9-7692-11dc-ba6b-806e6f6e6963}]
shell\AutoRun\command - D:\.\Bin\Assetup.exe


======List of files/folders created in the last 1 months======

2008-09-30 21:38:36 ----D---- C:\rsit
2008-09-29 19:40:42 ----D---- C:\Program Files\Trend Micro
2008-09-26 18:45:08 ----D---- C:\Users\Mats Olsson\AppData\Roaming\Personal
2008-09-26 18:44:21 ----D---- C:\Program Files\Personal
2008-09-26 16:58:47 ----D---- C:\Users\Mats Olsson\AppData\Roaming\AVGTOOLBAR
2008-09-25 21:23:28 ----D---- C:\Program Files\Windows Live Safety Center
2008-09-23 22:11:44 ----HD---- C:\$AVG8.VAULT$
2008-09-23 21:50:51 ----A---- C:\Windows\system32\avgrsstx.dll
2008-09-23 21:50:41 ----D---- C:\ProgramData\avg8
2008-09-23 21:50:41 ----D---- C:\Program Files\AVG
2008-09-22 18:15:18 ----D---- C:\Program Files\SCOL
2008-09-22 18:15:08 ----D---- C:\Program Files\Woody Woodpecker
2008-09-21 15:31:10 ----A---- C:\Windows\uninst.exe
2008-09-20 17:55:29 ----D---- C:\Program Files\BOTS
2008-09-20 13:20:51 ----D---- C:\Program Files\VID_0E8F&PID_0003
2008-09-18 21:44:09 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-09-18 21:44:04 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-18 21:44:03 ----D---- C:\Users\Mats Olsson\AppData\Roaming\SUPERAntiSpyware.com
2008-09-18 21:40:04 ----D---- C:\Users\Mats Olsson\AppData\Roaming\Malwarebytes
2008-09-18 21:40:01 ----D---- C:\ProgramData\Malwarebytes
2008-09-18 21:40:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-18 20:18:44 ----D---- C:\ProgramData\Codemasters
2008-09-18 18:25:31 ----RA---- C:\Windows\system32\tmp7E26.tmp
2008-09-18 18:25:31 ----D---- C:\Program Files\OpenAL
2008-09-18 18:24:19 ----RA---- C:\Windows\system32\tmp7E25.tmp
2008-09-18 18:14:35 ----D---- C:\Program Files\Codemasters
2008-09-16 18:33:39 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-09-16 18:33:39 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-09-16 18:33:38 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-09-16 18:33:37 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-09-16 18:33:37 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-09-16 18:33:37 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-09-16 18:33:37 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-09-16 18:33:37 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-09-16 18:33:36 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-09-16 18:33:36 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-09-16 18:33:36 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-09-16 18:33:36 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-09-16 18:33:35 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-09-16 18:33:33 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-09-16 18:33:33 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-09-16 18:31:13 ----D---- C:\Program Files\Euro Truck Simulator
2008-09-13 21:04:41 ----D---- C:\Users\Mats Olsson\AppData\Roaming\SPORE
2008-09-13 21:01:24 ----D---- C:\ProgramData\Electronic Arts
2008-09-10 19:10:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-10 19:10:05 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-10 19:10:04 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-10 19:09:59 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-10 19:09:59 ----A---- C:\Windows\system32\dataclen.dll
2008-09-10 19:09:59 ----A---- C:\Windows\system32\cdd.dll
2008-08-31 17:17:02 ----D---- C:\Program Files\Apple Software Update
2008-08-31 17:16:18 ----D---- C:\Program Files\iPod
2008-08-31 17:16:17 ----D---- C:\Program Files\iTunes
2008-08-31 17:14:57 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2008-09-30 21:38:43 ----D---- C:\Windows\Temp
2008-09-30 21:38:43 ----D---- C:\Windows\Prefetch
2008-09-30 20:58:48 ----D---- C:\Program Files\Warcraft III
2008-09-30 16:35:42 ----SHD---- C:\System Volume Information
2008-09-30 15:49:29 ----D---- C:\Windows\System32
2008-09-30 15:49:29 ----D---- C:\Windows\inf
2008-09-30 15:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-09-29 19:40:42 ----RD---- C:\Program Files
2008-09-29 05:27:07 ----D---- C:\Windows\system
2008-09-26 23:30:54 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-09-26 18:44:53 ----D---- C:\Windows\system32\Tasks
2008-09-25 21:25:30 ----SHD---- C:\Windows\Installer
2008-09-25 21:23:28 ----SD---- C:\Windows\Downloaded Program Files
2008-09-23 22:48:12 ----D---- C:\Program Files\GameSpy Arcade
2008-09-23 21:51:25 ----HD---- C:\ProgramData
2008-09-23 21:51:25 ----D---- C:\Windows\system32\drivers
2008-09-23 21:48:33 ----D---- C:\Windows
2008-09-21 15:31:24 ----D---- C:\Program Files\LucasArts
2008-09-20 21:22:53 ----D---- C:\Arbete
2008-09-20 17:55:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 15:10:57 ----AD---- C:\ProgramData\TEMP
2008-09-18 22:02:50 ----D---- C:\Users\Mats Olsson\AppData\Roaming\uTorrent
2008-09-18 21:43:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-18 19:26:02 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-09-18 18:25:31 ----A---- C:\Windows\system32\wrap_oal.dll
2008-09-18 18:25:31 ----A---- C:\Windows\system32\OpenAL32.dll
2008-09-18 18:25:19 ----RSD---- C:\Windows\assembly
2008-09-18 17:24:32 ----D---- C:\Windows\Minidump
2008-09-16 20:51:58 ----D---- C:\Program Files\Electronic Arts
2008-09-16 18:31:34 ----D---- C:\Windows\Logs
2008-09-13 23:02:10 ----D---- C:\Windows\system32\catroot2
2008-09-13 23:02:10 ----D---- C:\Windows\system32\catroot
2008-09-13 19:59:28 ----D---- C:\Program Files\Nick Arcade
2008-09-11 15:40:14 ----D---- C:\Windows\winsxs
2008-09-11 15:26:55 ----D---- C:\Windows\AppPatch
2008-09-10 21:01:37 ----D---- C:\ProgramData\Microsoft Help
2008-09-05 14:56:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-08-31 17:16:17 ----D---- C:\ProgramData\Apple Computer
2008-08-31 17:11:25 ----D---- C:\Program Files\Safari

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-23 97928]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-09-23 26824]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2006-12-25 31644]
R2 hwpsgt;hwpsgt; C:\Windows\system32\DRIVERS\hwpsgt.sys [2007-12-28 137344]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 lemsgt;lemsgt; C:\Windows\system32\DRIVERS\lemsgt.sys [2007-12-28 9472]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 GMFilter Filter;GMFilter Filter; C:\Windows\System32\Drivers\GMFilter.sys [2007-03-21 28416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2007-10-26 47360]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 arbcoe11;arbcoe11; C:\Windows\system32\drivers\arbcoe11.sys []
S3 BthEnum;Tjänsten Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth-enhet (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-portdrivrutin; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth-radio USB-drivrutin; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Camdrv30;Philips ToUcam XS; C:\Windows\System32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 Cardex;Cardex; \??\C:\Windows\system32\drivers\TBPANEL.SYS []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2004-10-25 21664]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Tjänstproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Klockproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Kvalitetshanteringsproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 RFCOMM;Bluetooth-enhet (RFCOMM-protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 STIrUsb;SigmaTel USB-IrDA-dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-19 30208]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynasUSB.sys [2002-11-25 16896]
S3 usbscan;Drivrutin för USB-skanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2003-05-14 21216]
S3 WmUsbHid;Logitech WingMan Force (USB) driver ; C:\Windows\system32\drivers\WmUsbHid.sys [2003-05-14 23040]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-23 231704]
R2 Bonjour Service;Bonjour-tjänst; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MvServer;MarkVision Server; C:\Windows\system32\lexmvservice.exe [2007-05-10 73728]
R2 MvWebServer;MarkVision Web Server; C:\Windows\system32\lexwebservice.exe [2007-05-10 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-18 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-03-31 244904]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Block Level Filtering Service;Block Level Filtering Service; C:\Windows\svchost.exe []
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\Windows\system32\sfrem01.exe [2006-07-05 358008]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Βεελζεβουλ

Postby [Aliens]kronenbourg » Tue Sep 30, 2008 7:51 pm

Baal's computer 1


Do you know what this is:

C:\Program\dl.php

If you don't, then do the following:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Program\dl.php
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Do the same with:

C:\WINDOWS\system32\UFgOUvut.ini2



Also, do this:

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



Kro

Postby [Aliens]kronenbourg » Tue Sep 30, 2008 8:08 pm

Baal's computer 2

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



-----

Do you know what this folder is:

C:\Arbete

If not, do the following:



Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Arbete

  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.


Kro

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 8:10 pm

dl.php = :twisted: delete ? unpack ? :twisted:

VirSCAN.org

"ERROR:Compress files limit 10 files, dl.php is zip archive, include 55 files!"



it's BitTorrent Language pack 8) 8) 8) 8)

delete it yes yes :P :P
Βεελζεβουλ
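
The VirSCAN error in the post above shows that dl.php was a zip archive despite its extension. As an added example (not part of the original thread; the signature table, the `RISKY_EXT` list and the function names are assumptions of this sketch, and the sample archive is constructed), this Python script identifies a file by its leading bytes and lists a zip's members without unpacking it:

```python
import os
import tempfile
import zipfile

# Leading bytes of a few container/executable formats (well-known signatures).
MAGIC = {
    b"PK\x03\x04": "zip",
    b"MZ": "pe-executable",
    b"Rar!": "rar",
    b"\x1f\x8b": "gzip",
}
# Assumed list of extensions worth a second look when found inside an archive.
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def sniff(path):
    """Return the format suggested by the file's first bytes, or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage(path):
    """Identify the real type and, for zips, list members without extracting."""
    report = {"claimed_ext": os.path.splitext(path)[1].lower(),
              "kind": sniff(path), "members": [], "risky": []}
    if report["kind"] == "zip" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            report["members"] = zf.namelist()  # reads the central directory only
        report["risky"] = [m for m in report["members"]
                           if os.path.splitext(m)[1].lower() in RISKY_EXT]
    return report


def build_sample(directory, count=55):
    """Constructed sample: a zip of `count` small text files saved as dl.php."""
    path = os.path.join(directory, "dl.php")
    with zipfile.ZipFile(path, "w") as zf:
        for i in range(count):
            zf.writestr(f"lang/{i:02d}.txt", "constructed sample\n")
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        print(result["claimed_ext"], result["kind"],
              len(result["members"]), result["risky"])
```

A mismatch between `claimed_ext` and `kind`, or a non-empty `risky` list, is the cue to scan the individual members rather than open the file.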

Postby [Aliens]Baal-Sebub » Tue Sep 30, 2008 8:28 pm

C:\Arbete

is my download map :?:


Thank you for all that you've done for me kro
Βεελζεβουλ
