Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Another HJT logfile

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Another HJT logfile

Unread postby Shaba » October 11th, 2008, 8:59 am

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: Select all
    :files
    D:\Downloads\Appz\utorrent.exe
    C:\Documents and Settings\Nichma\Skrivbord\utorrent.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "D:\Downloads\Appz\utorrent.exe"=-
    "C:\Documents and Settings\Nichma\Skrivbord\utorrent.exe"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f10478-3ecf-11dd-8795-0015f2f25942}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df3ee258-50aa-11dc-865c-0015f2f25942}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0024b73-37b1-11dd-8788-0015f2f25942}]
    
    :commands
    [EmptyTemp]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- rsit log
- otmoveit3 log
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Re: Another HJT logfile

Unread postby nimamaki » October 11th, 2008, 9:19 am

This is a log file that spontaneously appeared when I started up windows. It seem to be one of the logs you were after is it not?

========== FILES ==========
D:\Downloads\Appz\utorrent.exe moved successfully.
File/Folder C:\Documents and Settings\Nichma\Skrivbord\utorrent.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Downloads\Appz\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Nichma\Skrivbord\utorrent.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f10478-3ecf-11dd-8795-0015f2f25942}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df3ee258-50aa-11dc-865c-0015f2f25942}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0024b73-37b1-11dd-8788-0015f2f25942}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\etilqs_7dOVCLtp7ftAJcYeNagt scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\Perflib_Perfdata_c7c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF2A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF3C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF6B41.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DFF477.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DFF489.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10112008_150254

Files moved on Reboot...
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\etilqs_7dOVCLtp7ftAJcYeNagt not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\Perflib_Perfdata_c7c.dat not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF2A.tmp not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF3C.tmp not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DF6B41.tmp not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DFF477.tmp not found!
File C:\DOCUME~1\Nichma\LOKALA~1\Temp\~DFF489.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6b8.dat not found!
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Nichma\Lokala inställningar\Application Data\Mozilla\Firefox\Profiles\67m4iv45.default\XUL.mfl moved successfully.

Here comes the rsit:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Nichma at 2008-10-11 15:16:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 137 GB (57%) free of 238 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:01, on 2008-10-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Personal\bin\Personal.exe
C:\Spel\3DO\Heroes3\Register\Remind32.exe
C:\Program\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nichma\Skrivbord\RSIT.exe
C:\Program\Trend Micro\HijackThis\Nichma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demonoid.com/files
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 3DO Registration.lnk = C:\Spel\3DO\Heroes3\Register\Remind32.exe
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

--
End of file - 8357 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program\google\googletoolbar2.dll [2007-10-23 2411584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-01 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program\google\googletoolbar2.dll [2007-10-23 2411584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-01-24 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-01-24 18944]
"CTDVDDET"=C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RCSystem"=C:\Program\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"AudioDrvEmulator"=C:\Program\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]
"avast!"=C:\Program\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"igndlm.exe"=C:\Program\Download Manager\DLM.exe [2007-03-05 1103480]
"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-07 68856]
"Uniblue RegistryBooster 2"=C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program\Messenger\Msmsgs.exe [2005-08-31 1658592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Spel\CS\Steam.exe [2008-04-15 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
C:\Program\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
C:\Program\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
BankID säkerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Nichma\Start-meny\Program\Autostart
3DO Registration.lnk - C:\Spel\3DO\Heroes3\Register\Remind32.exe
H3 The Shadow of Death(TM).lnk - C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Spel\World of Warcraft\WoW-1.10.0-enGB-downloader.exe"="C:\Spel\World of Warcraft\WoW-1.10.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Spel\Stronghold2\Stronghold2.exe"="C:\Spel\Stronghold2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Spel\Stronghold 2\Stronghold2.exe"="C:\Spel\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Spel\NWN2\nwn2main.exe"="C:\Spel\NWN2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Spel\NWN2\nwn2main_amdxp.exe"="C:\Spel\NWN2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Spel\NWN2\nwupdate.exe"="C:\Spel\NWN2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Spel\NWN2\nwn2server.exe"="C:\Spel\NWN2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program\Cyanide\GameCenter\GameCenter.exe"="C:\Program\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Spel\Cyanide\Loki\Loki.exe"="C:\Spel\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"C:\Spel\Cyanide\Loki\Autorun\AutoRun.exe"="C:\Spel\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun"
"C:\Program\Flagship Studios\Hellgate London\Launcher.exe"="C:\Program\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\Messenger\Msmsgs.exe"="C:\Program\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c68490-7741-11db-840a-cc431b18cdd0}]
shell\AutoRun\command - E:\wizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a921722-6ada-11db-83e4-0015f2f25942}]
shell\AutoRun\command - G:\Setup.exe


======List of files/folders created in the last 1 months======

2008-10-11 15:02:54 ----D---- C:\_OTMoveIt
2008-10-11 14:54:11 ----SHD---- C:\Config.Msi
2008-10-11 14:21:51 ----RASHD---- C:\autorun.inf
2008-10-11 13:53:02 ----D---- C:\rsit
2008-10-11 12:12:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 12:09:11 ----D---- C:\WINDOWS\Prefetch
2008-10-11 12:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-11 12:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-11 12:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-11 12:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-11 12:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-11 12:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-11 12:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-11 12:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-11 12:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-11 12:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-11 12:04:03 ----D---- C:\WINDOWS\l2schemas
2008-10-11 12:04:02 ----D---- C:\WINDOWS\system32\sv
2008-10-11 12:04:02 ----D---- C:\WINDOWS\system32\bits
2008-10-11 12:02:46 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-11 11:59:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-11 11:59:39 ----D---- C:\WINDOWS\EHome
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-09 14:55:48 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-09 14:55:44 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-09 14:55:39 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-09 14:55:39 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-09 14:55:32 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-09 14:54:45 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-09 14:54:37 ----D---- C:\WINDOWS\Logs
2008-10-04 17:21:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-22 23:27:47 ----D---- C:\Documents and Settings\Nichma\Application Data\Agency9
2008-09-16 17:40:10 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

======List of files/folders modified in the last 1 months======

2008-10-11 15:13:28 ----D---- C:\Program\Mozilla Firefox
2008-10-11 15:11:16 ----D---- C:\WINDOWS\Temp
2008-10-11 15:10:57 ----D---- C:\WINDOWS
2008-10-11 15:09:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-11 15:09:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 14:54:16 ----SHD---- C:\WINDOWS\Installer
2008-10-11 14:54:13 ----D---- C:\Program\MSN Messenger
2008-10-11 14:46:28 ----HD---- C:\WINDOWS\inf
2008-10-11 13:05:41 ----RD---- C:\Program
2008-10-11 13:05:02 ----D---- C:\Program\Java
2008-10-11 13:04:58 ----AD---- C:\WINDOWS\system32
2008-10-11 12:38:32 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-11 12:12:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-11 12:10:34 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-11 12:09:15 ----A---- C:\WINDOWS\setuplog.txt
2008-10-11 12:08:29 ----D---- C:\WINDOWS\system32\Setup
2008-10-11 12:08:29 ----D---- C:\WINDOWS\AppPatch
2008-10-11 12:08:28 ----RSD---- C:\WINDOWS\Fonts
2008-10-11 12:08:28 ----D---- C:\WINDOWS\system32\wbem
2008-10-11 12:08:25 ----D---- C:\WINDOWS\system32\drivers
2008-10-11 12:07:48 ----D---- C:\WINDOWS\security
2008-10-11 12:07:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 12:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-11 12:04:11 ----D---- C:\WINDOWS\WinSxS
2008-10-11 12:04:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-11 12:04:08 ----D---- C:\Program\Messenger
2008-10-11 12:04:07 ----D---- C:\WINDOWS\ime
2008-10-11 12:04:07 ----D---- C:\WINDOWS\Help
2008-10-11 12:04:03 ----D---- C:\WINDOWS\system32\usmt
2008-10-11 12:04:03 ----D---- C:\WINDOWS\system32\sv-se
2008-10-11 12:04:02 ----D---- C:\WINDOWS\PeerNet
2008-10-11 12:04:02 ----D---- C:\Program\Movie Maker
2008-10-11 12:02:42 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 12:02:42 ----D---- C:\WINDOWS\system32\npp
2008-10-11 12:02:41 ----D---- C:\WINDOWS\msagent
2008-10-11 12:02:40 ----D---- C:\WINDOWS\srchasst
2008-10-11 12:02:39 ----D---- C:\Program\NetMeeting
2008-10-11 12:02:38 ----D---- C:\WINDOWS\system32\Com
2008-10-11 12:02:37 ----D---- C:\Program\Windows NT
2008-10-11 12:02:37 ----D---- C:\Program\Windows Media Player
2008-10-11 12:02:37 ----D---- C:\Program\Outlook Express
2008-10-11 12:02:35 ----D---- C:\Program\Delade filer\System
2008-10-11 12:02:24 ----AD---- C:\WINDOWS\system32\oobe
2008-10-11 12:02:22 ----D---- C:\WINDOWS\system
2008-10-11 11:45:45 ----D---- C:\WINDOWS\Debug
2008-10-10 12:06:20 ----D---- C:\mIRC
2008-10-09 14:55:51 ----D---- C:\WINDOWS\system32\DirectX
2008-10-08 20:57:58 ----D---- C:\Documents and Settings\Nichma\Application Data\dvdcss
2008-10-06 22:52:34 ----D---- C:\Documents and Settings\Nichma\Application Data\Adobe
2008-10-05 21:23:46 ----D---- C:\Program\WinRAR
2008-10-04 17:21:25 ----D---- C:\Program\Delade filer\Adobe
2008-10-04 17:21:09 ----D---- C:\Program\Adobe
2008-10-04 17:19:52 ----RSD---- C:\WINDOWS\assembly
2008-10-04 17:08:11 ----D---- C:\Spel
2008-09-22 15:31:58 ----A---- C:\WINDOWS\avisplitter.INI
2008-09-16 18:05:50 ----D---- C:\Program\Delade filer\Blizzard Entertainment
2008-09-13 15:52:06 ----D---- C:\Program\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-10 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-10 18048]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-08 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-08 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-08 142848]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-08 77824]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-08 1093632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-09 25280]
R3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-08 114688]
R3 P1131VID;Creative WebCam NX Pro (WDM); C:\WINDOWS\system32\DRIVERS\P1131Vid.sys [2004-03-26 91241]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;HID-drivrutin för tangentbord; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 al2q8h0k;al2q8h0k; C:\WINDOWS\system32\drivers\al2q8h0k.sys []
S3 CCDECODE;Avkodare för dold textning; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-05-18 16880]
S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-anslutning; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Drivrutin för USB-skanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Teletext-codec för världsstandard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour-tjänst; C:\Program\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 RPCH;Remote Procedure Call (HPM); C:\Program\NetMeeting\Intell.exe [2006-07-11 458240]
S2 RPCM;Remote Procedure Manager(TPM); C:\Program\Common Files\Microsoft Shared\Speech\csvde.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]
S3 sdCoreService;PC Tools Security Service; C:\Program\Spyware Doctor\pctsSvc.exe [2008-04-17 1017224]
S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
nimamaki
Active Member
 
Posts: 13
Joined: October 10th, 2008, 6:51 am

Re: Another HJT logfile

Unread postby Shaba » October 11th, 2008, 9:29 am

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Another HJT logfile

Unread postby nimamaki » October 11th, 2008, 5:01 pm

Wow! That took some time. Here it is...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 11, 2008 13:52:34
Records in database: 1305225
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\

Scan statistics:
Files scanned: 151742
Threat name: 2
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 06:03:58


File name / Threat name / Threats count
C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
D:\Downloads\Appz\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
D:\Downloads\Appz\Warcraft III\keygen\warcraft3keygen.exe Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part01.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part02.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part03.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part04.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part05.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part06.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part07.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part08.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part09.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part10.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part11.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part12.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part13.rar Infected: Backdoor.Win32.Hupigon.cdoo 1

The selected area was scanned.

... and HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:13, on 2008-10-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Personal\bin\Personal.exe
C:\Spel\3DO\Heroes3\Register\Remind32.exe
C:\Program\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nichma\Lokala inställningar\Temp\jkos-Nichma\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demonoid.com/files
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 3DO Registration.lnk = C:\Spel\3DO\Heroes3\Register\Remind32.exe
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

--
End of file - 8335 bytes
nimamaki
Active Member
 
Posts: 13
Joined: October 10th, 2008, 6:51 am

Re: Another HJT logfile

Unread postby Shaba » October 12th, 2008, 4:45 am

Yes it can take some time.

It appears that your Warcraft III is not legit:

D:\Downloads\Appz\Warcraft III\keygen\warcraft3keygen.exe Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part01.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part02.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part03.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part04.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part05.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part06.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part07.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part08.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part09.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part10.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part11.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part12.rar Infected: Backdoor.Win32.Hupigon.cdoo 1
D:\Downloads\Appz\Warcraft_III.part13.rar Infected: Backdoor.Win32.Hupigon.cdoo 1

So please next delete files mentioned above and uninstall Warcraft III via add/remove programs.

Delete info.txt from c:\rsit folder.

Re-run rsit and post back fresh logs, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Another HJT logfile

Unread postby nimamaki » October 12th, 2008, 5:39 am

Log first...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Nichma at 2008-10-12 11:37:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 138 GB (58%) free of 238 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:25, on 2008-10-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program\Personal\bin\Personal.exe
C:\Spel\3DO\Heroes3\Register\Remind32.exe
C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Winamp\winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Documents and Settings\Nichma\Skrivbord\RSIT.exe
C:\Program\Trend Micro\HijackThis\Nichma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.demonoid.com/files
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 3DO Registration.lnk = C:\Spel\3DO\Heroes3\Register\Remind32.exe
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Manager(TPM) (RPCM) - Unknown owner - C:\Program\Common Files\Microsoft Shared\Speech\csvde.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

--
End of file - 8501 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program\google\googletoolbar2.dll [2007-10-23 2411584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-01 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program\google\googletoolbar2.dll [2007-10-23 2411584]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-01-24 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-01-24 18944]
"CTDVDDET"=C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RCSystem"=C:\Program\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"AudioDrvEmulator"=C:\Program\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]
"avast!"=C:\Program\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"igndlm.exe"=C:\Program\Download Manager\DLM.exe [2007-03-05 1103480]
"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-07 68856]
"Uniblue RegistryBooster 2"=C:\Program\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program\Messenger\Msmsgs.exe [2005-08-31 1658592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Spel\CS\Steam.exe [2008-04-15 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]
C:\Program\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]
C:\Program\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
BankID säkerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Nichma\Start-meny\Program\Autostart
3DO Registration.lnk - C:\Spel\3DO\Heroes3\Register\Remind32.exe
H3 The Shadow of Death(TM).lnk - C:\Spel\3DO\Heroes3\RegisterSOD\Remind32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Spel\World of Warcraft\WoW-1.10.0-enGB-downloader.exe"="C:\Spel\World of Warcraft\WoW-1.10.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\mIRC\mirc.exe"="C:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Spel\Stronghold2\Stronghold2.exe"="C:\Spel\Stronghold2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Spel\Stronghold 2\Stronghold2.exe"="C:\Spel\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Spel\NWN2\nwn2main.exe"="C:\Spel\NWN2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Spel\NWN2\nwn2main_amdxp.exe"="C:\Spel\NWN2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Spel\NWN2\nwupdate.exe"="C:\Spel\NWN2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Spel\NWN2\nwn2server.exe"="C:\Spel\NWN2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program\Cyanide\GameCenter\GameCenter.exe"="C:\Program\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Spel\Cyanide\Loki\Loki.exe"="C:\Spel\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"C:\Spel\Cyanide\Loki\Autorun\AutoRun.exe"="C:\Spel\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun"
"C:\Program\Flagship Studios\Hellgate London\Launcher.exe"="C:\Program\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\Messenger\Msmsgs.exe"="C:\Program\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16c68490-7741-11db-840a-cc431b18cdd0}]
shell\AutoRun\command - E:\wizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a921722-6ada-11db-83e4-0015f2f25942}]
shell\AutoRun\command - G:\Setup.exe


======List of files/folders created in the last 1 months======

2008-10-12 11:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-12 10:19:03 ----D---- C:\WINDOWS\LastGood
2008-10-11 15:02:54 ----D---- C:\_OTMoveIt
2008-10-11 14:54:11 ----SHD---- C:\Config.Msi
2008-10-11 14:21:51 ----RASHD---- C:\autorun.inf
2008-10-11 13:53:02 ----D---- C:\rsit
2008-10-11 12:12:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-11 12:09:11 ----D---- C:\WINDOWS\Prefetch
2008-10-11 12:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-11 12:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-11 12:06:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-11 12:06:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-11 12:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-11 12:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-11 12:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-11 12:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-11 12:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-11 12:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-11 12:04:03 ----D---- C:\WINDOWS\l2schemas
2008-10-11 12:04:02 ----D---- C:\WINDOWS\system32\sv
2008-10-11 12:04:02 ----D---- C:\WINDOWS\system32\bits
2008-10-11 12:02:46 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-11 11:59:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-11 11:59:39 ----D---- C:\WINDOWS\EHome
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-10-09 14:55:50 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-10-09 14:55:49 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-10-09 14:55:48 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-09 14:55:44 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-09 14:55:39 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-09 14:55:39 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-09 14:55:32 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-09 14:54:45 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-09 14:54:37 ----D---- C:\WINDOWS\Logs
2008-10-04 17:21:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-04 17:20:05 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-04 17:20:04 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-04 17:20:03 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-09-22 23:27:47 ----D---- C:\Documents and Settings\Nichma\Application Data\Agency9
2008-09-16 17:40:10 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

======List of files/folders modified in the last 1 months======

2008-10-12 11:35:40 ----D---- C:\WINDOWS
2008-10-12 11:31:40 ----D---- C:\Program\Mozilla Firefox
2008-10-12 11:31:25 ----HD---- C:\WINDOWS\inf
2008-10-12 11:31:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-12 11:31:11 ----AD---- C:\WINDOWS\system32
2008-10-12 11:08:56 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-12 10:19:04 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-12 10:19:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-12 10:15:40 ----D---- C:\WINDOWS\Temp
2008-10-12 00:38:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 23:52:09 ----D---- C:\mIRC
2008-10-11 14:54:16 ----SHD---- C:\WINDOWS\Installer
2008-10-11 14:54:13 ----D---- C:\Program\MSN Messenger
2008-10-11 13:05:41 ----RD---- C:\Program
2008-10-11 13:05:02 ----D---- C:\Program\Java
2008-10-11 12:12:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-11 12:10:34 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-11 12:09:15 ----A---- C:\WINDOWS\setuplog.txt
2008-10-11 12:08:29 ----D---- C:\WINDOWS\system32\Setup
2008-10-11 12:08:29 ----D---- C:\WINDOWS\AppPatch
2008-10-11 12:08:28 ----RSD---- C:\WINDOWS\Fonts
2008-10-11 12:08:28 ----D---- C:\WINDOWS\system32\wbem
2008-10-11 12:08:25 ----D---- C:\WINDOWS\system32\drivers
2008-10-11 12:07:48 ----D---- C:\WINDOWS\security
2008-10-11 12:07:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-11 12:06:58 ----A---- C:\WINDOWS\imsins.BAK
2008-10-11 12:04:11 ----D---- C:\WINDOWS\WinSxS
2008-10-11 12:04:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-11 12:04:08 ----D---- C:\Program\Messenger
2008-10-11 12:04:07 ----D---- C:\WINDOWS\ime
2008-10-11 12:04:07 ----D---- C:\WINDOWS\Help
2008-10-11 12:04:03 ----D---- C:\WINDOWS\system32\usmt
2008-10-11 12:04:03 ----D---- C:\WINDOWS\system32\sv-se
2008-10-11 12:04:02 ----D---- C:\WINDOWS\PeerNet
2008-10-11 12:04:02 ----D---- C:\Program\Movie Maker
2008-10-11 12:02:42 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 12:02:42 ----D---- C:\WINDOWS\system32\npp
2008-10-11 12:02:41 ----D---- C:\WINDOWS\msagent
2008-10-11 12:02:40 ----D---- C:\WINDOWS\srchasst
2008-10-11 12:02:39 ----D---- C:\Program\NetMeeting
2008-10-11 12:02:38 ----D---- C:\WINDOWS\system32\Com
2008-10-11 12:02:37 ----D---- C:\Program\Windows NT
2008-10-11 12:02:37 ----D---- C:\Program\Windows Media Player
2008-10-11 12:02:37 ----D---- C:\Program\Outlook Express
2008-10-11 12:02:35 ----D---- C:\Program\Delade filer\System
2008-10-11 12:02:24 ----AD---- C:\WINDOWS\system32\oobe
2008-10-11 12:02:22 ----D---- C:\WINDOWS\system
2008-10-11 11:45:45 ----D---- C:\WINDOWS\Debug
2008-10-09 14:55:51 ----D---- C:\WINDOWS\system32\DirectX
2008-10-08 20:57:58 ----D---- C:\Documents and Settings\Nichma\Application Data\dvdcss
2008-10-06 22:52:34 ----D---- C:\Documents and Settings\Nichma\Application Data\Adobe
2008-10-05 21:23:46 ----D---- C:\Program\WinRAR
2008-10-04 17:21:25 ----D---- C:\Program\Delade filer\Adobe
2008-10-04 17:21:09 ----D---- C:\Program\Adobe
2008-10-04 17:19:52 ----RSD---- C:\WINDOWS\assembly
2008-10-04 17:08:11 ----D---- C:\Spel
2008-09-22 15:31:58 ----A---- C:\WINDOWS\avisplitter.INI
2008-09-16 18:05:50 ----D---- C:\Program\Delade filer\Blizzard Entertainment
2008-09-13 15:52:06 ----D---- C:\Program\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-03-10 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-03-10 18048]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-08 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-08 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-08 142848]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-08 77824]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-08 1093632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-09 25280]
R3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-08 114688]
R3 P1131VID;Creative WebCam NX Pro (WDM); C:\WINDOWS\system32\DRIVERS\P1131Vid.sys [2004-03-26 91241]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;HID-drivrutin för tangentbord; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 am041m3i;am041m3i; C:\WINDOWS\system32\drivers\am041m3i.sys []
S3 CCDECODE;Avkodare för dold textning; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-05-18 16880]
S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-anslutning; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Drivrutin för USB-skanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Teletext-codec för världsstandard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2006-06-01 509440]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour-tjänst; C:\Program\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 RPCH;Remote Procedure Call (HPM); C:\Program\NetMeeting\Intell.exe [2006-07-11 458240]
S2 RPCM;Remote Procedure Manager(TPM); C:\Program\Common Files\Microsoft Shared\Speech\csvde.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-23 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program\Spyware Doctor\pctsAuxs.exe [2008-04-10 337800]
S3 sdCoreService;PC Tools Security Service; C:\Program\Spyware Doctor\pctsSvc.exe [2008-04-17 1017224]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

...info

info.txt logfile of random's system information tool 1.04 2008-10-12 11:37:29

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Heroes of Might and Magic(TM) III Armageddon's Blade-->C:\WINDOWS\IsUninst.exe -fC:\Spel\3DO\Heroes3\UnBlade.isu -c"C:\Spel\3DO\Heroes3\unblade.dll
-->"C:\Program\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\WINDOWS\IsUn041d.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\Setup.exe" -l0x9 /remove/remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional-->C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.07.24-->MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Armagetron Advanced 0.2.8.2.1.gcc-->C:\Spel\Armagetron Advanced\uninst.exe
Army Builder V2.2c-->C:\Spel\ARMYBU~1\UNWISE.EXE C:\Spel\ARMYBU~1\INSTALL.LOG
Athlon 64 Processor Driver-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x1d
avast! Antivirus-->C:\Program\Alwil Software\Avast4\aswRunDll.exe "C:\Program\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{014585C8-7557-11D4-9ABA-006067325E47}\setup.exe"
Baldur's Gate(TM) II - Throne of Bhaal (TM)-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
Baldur's Gate-->C:\WINDOWS\IsUninst.exe -f"C:\Spel\Black Isle\Baldur's Gate\Uninst.isu"
BankID säkerhetsprogram 4.9.3-->"C:\Program\Personal\bin\persinst.exe" -u
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Corel Painter IX-->MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Creative Jukebox Driver-->C:\Program\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative PC-CAM Center-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\setup.exe" -l0x9 /remove
Creative WebCam Monitor-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x9 /remove
Creative WebCam NX Pro Driver (1.03.03.0326)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1131.uns -unsext NT -plugin P1131Pin.dll -pluginres P1131Pin.crl
Creative WebCam NX Pro User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program\Creative\Creative WebCam NX Pro\Creative WebCam NX Pro User's Guide\English\CTManual.isu"
Creative Zen Touch-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F13D54AA-EE45-4394-8510-C612A56FD9BC}\SETUP.EXE" -l0x9
Dawn of War - Soulstorm-->"C:\Program\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dawn Of War-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dominions 3 (remove only)-->"C:\Spel\dominions3\uninstall.exe"
Dominions II (remove only)-->"C:\spel\dominions2\uninstall.exe"
Download Manager 2.3.6-->C:\Program\Download Manager\uninst.exe
Fallout-->C:\WINDOWS\ipuninst.exe -fC:\Spel\Fallout\uninst.log
Fallout2-->C:\WINDOWS\ipuninst.exe -fC:\Spel\Black Isle\Fallout2\uninst.log
FileZilla Client 3.1.1.1-->C:\Program\FileZilla FTP Client\uninstall.exe
Frets On Fire-->"C:\Spel\Frets on Fire\Uninstall.exe"
GameCenter-->C:\Program\Cyanide\GameCenter\uninstall.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program\google\googletoolbar2.dll"
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Guitar Pro 5.2-->"C:\Program\Guitar Pro 5\unins000.exe"
Hamachi 1.0.2.5-->C:\Program\Hamachi\uninstall.exe
Hellgate: London-->MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -fC:\Spel\Heroes2\DeIsL1.isu
Heroes of Might and Magic® III The Shadow of Death(TM)-->C:\WINDOWS\IsUninst.exe -fC:\Spel\3DO\Heroes3\Uninst.isu -c"C:\Spel\3DO\Heroes3\uninst.dll
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
InterVideo WinDVD-->"C:\Program\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
King's Bounty. The Legend (Remove Only)-->"C:\Spel\Atari\King's Bounty. The Legend\unins000.exe"
K-Lite Codec Pack 3.7.5 Full-->"C:\Program\K-Lite Codec Pack\unins000.exe"
LeechFTP -->C:\WINDOWS\eraser.exe KILL "C:\Program\LeechFTP\uninstall.uif"
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
MediaCoder 0.6.1-->C:\Program\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{8BA42EAE-19AD-4bf2-88C0-0232B1FBFDE2}
mIRC-->"C:\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.3)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pirates of the Burning Sea-->"C:\Program\InstallShield Installation Information\{97EEB87F-2405-4DB7-85BD-D24DD3DDD6B2}\setup.exe" -runfromtemp -l0x0009 -removeonly
PlayLinc-->MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
PowerDVD-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Snabbkorrigering för Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Sound Blaster X-Fi-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spyware Doctor 5.5-->C:\Program\Spyware Doctor\unins000.exe /LOG
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold 2-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5-->C:\Program\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Messenger 5.1 MUI Pack-->MsiExec.exe /I{F3CBA4E6-436E-4B51-9651-93830EE38616}
Windows Messenger 5.1-->MsiExec.exe /I{9D1C26BD-E792-4159-9D16-07EA222D8EF0}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program\WinRAR\uninstall.exe
World of Warcraft Public Test-->C:\Program\Delade filer\Blizzard Entertainment\Burning Crusade-PTR\Uninstall.exe
World of Warcraft-->C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081011-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"HellgateEnv"=C:\Program\Flagship Studios\Hellgate London\
"CLASSPATH"=.;C:\Program\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
nimamaki
Active Member
 
Posts: 13
Joined: October 10th, 2008, 6:51 am

Re: Another HJT logfile

Unread postby Shaba » October 12th, 2008, 5:41 am

That looks good :)

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Another HJT logfile

Unread postby nimamaki » October 12th, 2008, 5:53 am

I don't know. I'll see if I can keep my WoW account now. :)
nimamaki
Active Member
 
Posts: 13
Joined: October 10th, 2008, 6:51 am

Re: Another HJT logfile

Unread postby Shaba » October 12th, 2008, 6:03 am

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

You can delete rsit and c:\rsit folder.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Another HJT logfile

Unread postby nimamaki » October 12th, 2008, 6:13 am

Thanks alot! You've been a great help. I'ts amazing that you guys are providing this service free of charge. I'm very grateful! :D
nimamaki
Active Member
 
Posts: 13
Joined: October 10th, 2008, 6:51 am

Re: Another HJT logfile

Unread postby Shaba » October 15th, 2008, 4:09 am

nimamaki this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware