Krazypal Posted August 30, 2007

Well... I'm trying to fix my mom's comp here. Since she didn't have any firewall or antivirus program - it was a mess here. I've cleaned up a couple of hundred spyware, trojans and stuff but I have one prob... the BHO entries won't be deleted. I've tried in safe mode and some programs like xptools, adaware and asquared without success.

Help!

Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:11, on 2007-08-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\a-squared Free\a2service.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Opera\Opera.exe
C:\Program\WinUtilities\WO.exe
C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {07B26288-C681-0065-E065-8201DD28A761} - (no file)
O2 - BHO: (no name) - {30E404C8-9E52-6BCC-07B7-75B62569A989} - (no file)
O2 - BHO: (no name) - {3675715F-7D53-0434-2B54-B10B3458B832} - (no file)
O2 - BHO: (no name) - {37D770DC-7684-506E-506F-B70AAFEB6F95} - (no file)
O2 - BHO: (no name) - {3B54F794-786F-0118-4FF7-2319A73AE336} - (no file)
O2 - BHO: (no name) - {42B4125A-8456-E674-1EAB-F008B3833B7C} - (no file)
O2 - BHO: (no name) - {44E34F5D-DD47-7872-AC46-520661BABE29} - (no file)
O2 - BHO: (no name) - {48014569-86A0-09D2-B74C-68DFC89AB093} - (no file)
O2 - BHO: (no name) - {5367AF43-53A3-260E-9D79-0CDB4035A008} - (no file)
O2 - BHO: (no name) - {5F4C15AC-0058-5C3E-822D-742B4125A084} - (no file)
O2 - BHO: (no name) - {61BA9713-4C7D-321C-7CDA-2D19B793429D} - (no file)
O2 - BHO: (no name) - {7060FA14-0E29-B33B-569A-AC425430C19B} - (no file)
O2 - BHO: (no name) - {77E75C18-2847-DA08-D856-8452824004C7} - (no file)
O2 - BHO: (no name) - {7CDBEDA5-3DCB-A735-5055-0A014758ED6B} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7E35BA92-B311-70A1-8E0E-EE430F0CC372} - (no file)
O2 - BHO: (no name) - {822904F6-6515-F4CA-FCA6-3DD79347C0E0} - (no file)
O2 - BHO: (no name) - {847C1672-FB03-7621-DD34-036D3E8460FD} - (no file)
O2 - BHO: (no name) - {8A211D0F-A737-38A0-EA0A-D2480CDBEF01} - (no file)
O2 - BHO: (no name) - {9D6A4232-5595-7E6F-2779-C942DCAB8455} - (no file)
O2 - BHO: (no name) - {A66DF143-F487-E2C9-232E-3D99CC47A72F} - (no file)
O2 - BHO: (no name) - {B756513C-B2A5-1805-60FF-E40570DBC936} - (no file)
O2 - BHO: (no name) - {BCC63C42-67AA-A5DB-877D-963D27AD9AFA} - (no file)
O2 - BHO: (no name) - {BE39619D-2F5C-5C5D-24AA-44CE33AF3E2B} - (no file)
O2 - BHO: (no name) - {E66F4233-2A70-2CDE-18E8-550B593208D5} - (no file)
O2 - BHO: (no name) - {F322A8AF-EF0E-13F8-1E57-1BF7314624F9} - (no file)
O2 - BHO: (no name) - {F82406AA-AA26-0FEF-2943-600622AB7AB5} - (no file)
O2 - BHO: (no name) - {FD4A74BF-5712-24E2-4DA7-6711D4FD291B} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [XP Tools] C:\Program\XP Tools\xptools.exe /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hope someone out there can help me with this.
Thanx in advance
Krazy

jwbirdsong Posted August 30, 2007

Is this a non-English OS, correct???

Well we can get rid of these entries if they won't go w/ HJT. So just for my sake, so I can see it for myself plz do the following

You NEED to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix.

Open HijackThis and click on Do a system scan only. Place a check mark next to the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {07B26288-C681-0065-E065-8201DD28A761} - (no file)
O2 - BHO: (no name) - {30E404C8-9E52-6BCC-07B7-75B62569A989} - (no file)
O2 - BHO: (no name) - {3675715F-7D53-0434-2B54-B10B3458B832} - (no file)
O2 - BHO: (no name) - {37D770DC-7684-506E-506F-B70AAFEB6F95} - (no file)
O2 - BHO: (no name) - {3B54F794-786F-0118-4FF7-2319A73AE336} - (no file)
O2 - BHO: (no name) - {42B4125A-8456-E674-1EAB-F008B3833B7C} - (no file)
O2 - BHO: (no name) - {44E34F5D-DD47-7872-AC46-520661BABE29} - (no file)
O2 - BHO: (no name) - {48014569-86A0-09D2-B74C-68DFC89AB093} - (no file)
O2 - BHO: (no name) - {5367AF43-53A3-260E-9D79-0CDB4035A008} - (no file)
O2 - BHO: (no name) - {5F4C15AC-0058-5C3E-822D-742B4125A084} - (no file)
O2 - BHO: (no name) - {61BA9713-4C7D-321C-7CDA-2D19B793429D} - (no file)
O2 - BHO: (no name) - {7060FA14-0E29-B33B-569A-AC425430C19B} - (no file)
O2 - BHO: (no name) - {77E75C18-2847-DA08-D856-8452824004C7} - (no file)
O2 - BHO: (no name) - {7CDBEDA5-3DCB-A735-5055-0A014758ED6B} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7E35BA92-B311-70A1-8E0E-EE430F0CC372} - (no file)
O2 - BHO: (no name) - {822904F6-6515-F4CA-FCA6-3DD79347C0E0} - (no file)
O2 - BHO: (no name) - {847C1672-FB03-7621-DD34-036D3E8460FD} - (no file)
O2 - BHO: (no name) - {8A211D0F-A737-38A0-EA0A-D2480CDBEF01} - (no file)
O2 - BHO: (no name) - {9D6A4232-5595-7E6F-2779-C942DCAB8455} - (no file)
O2 - BHO: (no name) - {A66DF143-F487-E2C9-232E-3D99CC47A72F} - (no file)
O2 - BHO: (no name) - {B756513C-B2A5-1805-60FF-E40570DBC936} - (no file)
O2 - BHO: (no name) - {BCC63C42-67AA-A5DB-877D-963D27AD9AFA} - (no file)
O2 - BHO: (no name) - {BE39619D-2F5C-5C5D-24AA-44CE33AF3E2B} - (no file)
O2 - BHO: (no name) - {E66F4233-2A70-2CDE-18E8-550B593208D5} - (no file)
O2 - BHO: (no name) - {F322A8AF-EF0E-13F8-1E57-1BF7314624F9} - (no file)
O2 - BHO: (no name) - {F82406AA-AA26-0FEF-2943-600622AB7AB5} - (no file)
O2 - BHO: (no name) - {FD4A74BF-5712-24E2-4DA7-6711D4FD291B} - (no file)

Close ALL other open windows and programs and click Fix checked.

Reboot and post the following:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your reply
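
An added example, not part of the original posts and not code from HijackThis or DSS: it parses the O2 lines of two HijackThis logs, flags Browser Helper Object entries that have no backing file, and reports which of them are still listed in a scan taken after a fix. The sample log lines and CLSIDs are constructed; the registry path is the Browser Helper Objects key that the O2 section reflects.

```python
import re

# Registry key whose subkeys HijackThis lists in its O2 section.
BHO_KEY = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# "O2 - BHO: <name> - {CLSID} - <path or marker>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)

MISSING_SUFFIX = "(file missing)"


def parse_o2(log_text):
    """Return one dict per O2 (BHO) line found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O2_RE.match(raw.strip())
        if not m:
            continue  # not an O2 line (header, process list, O4, ...)
        target = m.group("target").strip()
        if target == "(no file)":
            status, path = "no_file", None
        elif target.endswith(MISSING_SUFFIX):
            status = "file_missing"
            path = target[: -len(MISSING_SUFFIX)].strip()
        else:
            status, path = "present", target
        clsid = m.group("clsid").upper()
        entries.append({
            "name": m.group("name"),
            "clsid": clsid,
            "status": status,
            "path": path,
            # Key an analyst would inspect for this entry.
            "registry_key": BHO_KEY + "\\" + clsid,
        })
    return entries


def orphaned(entries):
    """Entries that point at no file or at a file that is not on disk."""
    return [e for e in entries if e["status"] != "present"]


def survived_fix(before_text, after_text):
    """CLSIDs of orphaned entries that are listed again after the fix."""
    before = {e["clsid"] for e in orphaned(parse_o2(before_text))}
    after = {e["clsid"] for e in orphaned(parse_o2(after_text))}
    return sorted(before & after)


# Constructed sample logs (CLSIDs and paths are placeholders).
BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000A1} - (no file)
O2 - BHO: Class - {00000000-0000-0000-0000-0000000000B2} - C:\WINDOWS\system32\example.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000C3} - C:\Program\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program\Example\example.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000A1} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000C3} - C:\Program\Example\helper.dll
"""

if __name__ == "__main__":
    for entry in orphaned(parse_o2(BEFORE)):
        print(entry["status"], entry["registry_key"])
    print("still listed after fix:", survived_fix(BEFORE, AFTER))
```

An entry reported by `survived_fix` was either not deleted or was written back between the two scans, which is the situation to investigate before repeating the same fix.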

Krazypal Posted August 31, 2007 Author

Thanx for your reply birdsong.

Yes it's a Swedish version of the OS - plz let me know if you need some help with the translations

Here's the gigantic textfile(s) from the DSS-scan:
Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^TrayMin.lnk]backup=C:\WINDOWS\pss\TrayMin.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\26.tmp][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\26.tmp.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adddh32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\addqb.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\addty.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]c:\program files\altnet\points manager\points manager.exe -s[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apica.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apiox32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apiud.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]C:\WINDOWS\VM_STI.EXE Philips SPC 300NC PC Camera[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-StopW][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]c:\windows\system\hpsysdrv.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]C:\WINDOWS\System32\igfxtray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]C:\HP\KBD\KBD.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfccf.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\mfcym32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]c:\Program\Microsoft Works\WkDetect.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"C:\Program\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msng.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msuk32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]c:\Program\NORTON~1\navapw32.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]nwiz.exe /install[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]C:\WINDOWS\system32\ps2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]C:\WINDOWS\SMINST\RECGUARD.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdkng32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowShifter X10 Daemon][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]C:\Program\MI948F~1\GAMECO~1\common\swtrayv4.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]"C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]C:\WINDOWS\UpdReg.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winbz32.exe][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"VETMSGNT"=2 (0x2)"CAISafe"=2 (0x2)"CaCCProvSP"=3 (0x3)"NVSvc"=2 (0x2)"LexBceS"=2 (0x2)"Creative Service for CDROM Access"=2 (0x2)"Ati 
HotKey Poller"=2 (0x2)-- Hosts -----------------------------------------------------------------------127.0.0.1 www.altnet.com127.0.0.1 search.kazaa.com127.0.0.1 www.kazaaplus.com127.0.0.1 ssa.kazaa.com127.0.0.1 ssm.kazaa.com127.0.0.1 www.cydoor.com127.0.0.1 ads.kazaa.com127.0.0.1 www.bullguard.com127.0.0.1 www.certifiedkazaa.com127.0.0.1 puma.kazaa.com12 more entries in hosts file.-- End of Deckard's System Scanner: finished at 2007-08-31 07:49:37 ------------Deckard's System Scanner v20070826.66Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Home Edition (build 2600) SP 2.0Architecture: X86; Language: SwedishCPU 0: Intel® Celeron® CPU 2.00GHzPercentage of Memory in Use: 75%Physical Memory (total/avail): 255.48 MiB / 62.8 MiBPagefile Memory (total/avail): 618.52 MiB / 344.71 MiBVirtual Memory (total/avail): 2047.88 MiB / 1964.49 MiBA: is Removable (No Media)C: is Fixed (NTFS) - 33.87 GiB total, 22.58 GiB free. D: is Fixed (FAT32) - 4.4 GiB total, 1.64 GiB free. E: is CDROM (No Media)F: is CDROM (No Media)\\.\PHYSICALDRIVE0 - Maxtor 2F040J0 - 38.29 GiB - 2 partitions \PARTITION0 - Unknown - 4.4 GiB - D: \PARTITION1 (bootable) - Installerbart filsystem - 33.87 GiB - C:-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is disabled.AntivirusOverride is set.FW: ZoneAlarm Firewall v6.0.667.000 (Zone Labs, Inc.)AV: avast! 
antivirus 4.7.1029 [VPS 000770-0] v4.7.1029 (ALWIL Software)[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0""C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program\\hp center\\137903\\Program\\BackWeb-137903.exe"="C:\\Program\\hp center\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903""C:\\Program\\SmartFTP\\SmartFTP.exe"="C:\\Program\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client""C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0""C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""C:\\Program\\CA\\CA Internet Security Suite\\casecuritycenter.exe"="C:\\Program\\CA\\CA Internet Security Suite\\casecuritycenter.exe:*:Enabled:CA Security Center""C:\\Program\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe"="C:\\Program\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe:*:Enabled:CA Anti-Virus""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"-- Environment Variables 
-------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\Žgaren\Application DataCommonProgramFiles=C:\Program\Delade filerCOMPUTERNAME=DITT-2T5NHGHEUGComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\ŽgarenLOGONSERVER=\\DITT-2T5NHGHEUGNUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntelPROCESSOR_LEVEL=15PROCESSOR_REVISION=0207ProgramFiles=C:\ProgramPROMPT=$P$GSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\DOCUME~1\GAREN~1\LOKALA~1\TempTMP=C:\DOCUME~1\GAREN~1\LOKALA~1\Temptvdumpflags=8USERDOMAIN=DITT-2T5NHGHEUGUSERNAME=ŽgarenUSERPROFILE=C:\Documents and Settings\Žgarenwindir=C:\WINDOWS__COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------Ägaren (admin)Administratör (new local, admin)-- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\IsUn041d.exe -fC:\WINDOWS\orun32.isu --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 
C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation 
Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infa-squared Free 3.0 --> "C:\Program\a-squared Free\unins000.exe"Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}Adobe 
Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}AT&T WorldNet Setup 1.2 --> C:\PROGRA~1\WorldNet\wnun12.exe C:\PROGRA~1\WorldNetATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanavast! Antivirus --> rundll32 C:\Program\ALWILS~1\Avast4\Setup\setiface.dll,RunSetupAVI Codec Pack --> C:\Program\AVI Codec Pack\uninstall.exeBhoScanner 1.9 --> "C:\Program\Nsasoft\BhoScanner\unins000.exe"BitComet 0.89 --> C:\Program\BitComet\uninst.exeCole2k Media - Codec Pack (Advanced) --> C:\WINDOWS\system32\C2MP\Uninst.exeCreative MediaSource --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /removeeMusic Download Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program\eMusic Download Manager\Uninst.isu"Encarta Uppslagsverk 2001 --> MsiExec.exe /I{01200102-5D65-445A-B3B4-3DCE72BA0C6C}Fashion Cents 1.6.3 --> MsiExec.exe /I{C56B9449-32A9-4BD0-8262-7BCF963FCE26}Global Pets 2002 --> C:\WINDOWS\uninst.exe -f"C:\Kids\Global Pets 2002\DeIsL1.isu" -c"C:\Kids\Global Pets 2002\_ISREG32.DLL"HijackThis 1.99.1 --> C:\Program\http\hijackthis\HijackThis.exe /uninstallhp center --> C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903HSP56 World MicroModem Drivers --> ptuninst.exeHTML-Kit --> C:\Program\Chami\HTML-Kit\unins000.exeIntel® 845G Chipset Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exeKBD --> C:\HP\KBD\KBD.EXE uninstalledKMD Lite v2.6.0 --> "C:\Program\KMD Lite\unins000.exe"Lexmark 
Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXELexmark Z65 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXALUN5C.EXE -dLexmark Z65Locomotion --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{77F45E76-E897-42CA-A9FE-5F56817D875C}\Setup.exe" -l0x9 LView Pro 2005 2nd Quarter - Trial Version --> "C:\Program\LView Pro 2005 2nd Quarter - Trial Version\Uninst.exe"Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exeMatch Maker --> C:\WINDOWS\ST5UNST.EXE -n "c:\Kids\Matchmaker\ST5UNST.LOG" Microsoft AutoRoute 2002 --> MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}Microsoft Links 2003 --> "C:\Program\Microsoft Games\Links 2003\UNINSTAL.EXE" /runtemp /addremoveMicrosoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}Microsoft Word 2002 --> MsiExec.exe /I{911B041D-6000-11D3-8CFE-0050048383C9}Microsoft Works 6.0 --> MsiExec.exe /I{0BCFCB36-46BD-11D4-BAE5-00C04F2A3A57}Monopoly Tycoon --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9Need For Speed - Porsche 2000 --> C:\WINDOWS\IsUn041d.exe -fC:\Program\ELECTR~1\NEEDFO~2\uninst.logNHL Eastside Hockey Manager --> MsiExec.exe /X{457F06F4-8887-4C4F-910D-02FE9FAFB082}NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.infOmar Sharif Bridge II (remove only) --> "C:\Program\Global Star Software\Omar Sharif Bridge II\Uninstall.exe"Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}Philips SPC 300NC PC Camera --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}\setup.exe" -l0x1d PS2 --> C:\WINDOWS\system32\ps2.exe uninstallRailroad Tycoon 3 --> RunDll32 
C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9 Railroad Tycoon II --> C:\WINDOWS\uninst.exe -f"C:\Program\Railroad Tycoon II\DeIsL1.isu" -c"C:\Program\Railroad Tycoon II\_ISREG32.DLL"Railroad Tycoon II - Gold Edition --> C:\WINDOWS\uninst.exe -f"C:\Program\Railroad Tycoon II - Gold Edition\DeIsL1.isu" -c"C:\Program\Railroad Tycoon II - Gold Edition\_ISREG32.DLL"RecordNow --> MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}RecordNow Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}S3Display --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'S3Gamma2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'S3Info2 --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'S3Overlay --> s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOGShowShifter 1.60.1792 --> C:\WINDOWS\iun507.exe C:\Program\Home Media Networks Limited\ShowShifter\irunin.iniSideWinder Force Feedback Wheel (USB) --> C:\WINDOWS\IsUninst.exe -f"C:\Program\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninst.isu" -c"C:\Program\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninstall.dll"SmartFTP Client --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"Säkerhetsuppdatering för Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"Säkerhetsuppdatering för Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB893066) --> 
"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB905915) --> 
"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB918439) --> 
"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"Säkerhetsuppdatering för Windows XP (KB923980) --> 
-- End of Deckard's System Scanner: finished at 2007-08-31 07:49:37 ------------

We got rid of the first entries but the BHO's are still there. I did a hjt-log again for u:

Logfile of HijackThis v1.99.1
Scan saved at 07:59:23, on 2007-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\Program\a-squared Free\a2service.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\XP Tools\xptools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\XP Tools\xptools.exe
C:\Program\Opera\Opera.exe
C:\Documents and Settings\Ägaren\Skrivbord\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: (no name) - {07B26288-C681-0065-E065-8201DD28A761} - (no file)
O2 - BHO: (no name) - {30E404C8-9E52-6BCC-07B7-75B62569A989} - (no file)
O2 - BHO: (no name) - {3675715F-7D53-0434-2B54-B10B3458B832} - (no file)
O2 - BHO: (no name) - {37D770DC-7684-506E-506F-B70AAFEB6F95} - (no file)
O2 - BHO: (no name) - {3B54F794-786F-0118-4FF7-2319A73AE336} - (no file)
O2 - BHO: (no name) - {42B4125A-8456-E674-1EAB-F008B3833B7C} - (no file)
O2 - BHO: (no name) - {44E34F5D-DD47-7872-AC46-520661BABE29} - (no file)
O2 - BHO: (no name) - {48014569-86A0-09D2-B74C-68DFC89AB093} - (no file)
O2 - BHO: (no name) - {5367AF43-53A3-260E-9D79-0CDB4035A008} - (no file)
O2 - BHO: (no name) - {5F4C15AC-0058-5C3E-822D-742B4125A084} - (no file)
O2 - BHO: (no name) - {61BA9713-4C7D-321C-7CDA-2D19B793429D} - (no file)
O2 - BHO: (no name) - {7060FA14-0E29-B33B-569A-AC425430C19B} - (no file)
O2 - BHO: (no name) - {77E75C18-2847-DA08-D856-8452824004C7} - (no file)
O2 - BHO: (no name) - {7CDBEDA5-3DCB-A735-5055-0A014758ED6B} - (no file)
O2 - BHO: (no name) - {7DD85366-D791-988B-E591-E8766F46FA72} - (no file)
O2 - BHO: (no name) - {7E35BA92-B311-70A1-8E0E-EE430F0CC372} - (no file)
O2 - BHO: (no name) - {822904F6-6515-F4CA-FCA6-3DD79347C0E0} - (no file)
O2 - BHO: (no name) - {847C1672-FB03-7621-DD34-036D3E8460FD} - (no file)
O2 - BHO: (no name) - {8A211D0F-A737-38A0-EA0A-D2480CDBEF01} - (no file)
O2 - BHO: (no name) - {9D6A4232-5595-7E6F-2779-C942DCAB8455} - (no file)
O2 - BHO: (no name) - {A66DF143-F487-E2C9-232E-3D99CC47A72F} - (no file)
O2 - BHO: (no name) - {B756513C-B2A5-1805-60FF-E40570DBC936} - (no file)
O2 - BHO: (no name) - {BCC63C42-67AA-A5DB-877D-963D27AD9AFA} - (no file)
O2 - BHO: (no name) - {BE39619D-2F5C-5C5D-24AA-44CE33AF3E2B} - (no file)
O2 - BHO: (no name) - {E66F4233-2A70-2CDE-18E8-550B593208D5} - (no file)
O2 - BHO: (no name) - {F322A8AF-EF0E-13F8-1E57-1BF7314624F9} - (no file)
O2 - BHO: (no name) - {F82406AA-AA26-0FEF-2943-600622AB7AB5} - (no file)
O2 - BHO: (no name) - {FD4A74BF-5712-24E2-4DA7-6711D4FD291B} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [sBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [XP Tools] C:\Program\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Krazypal (Author) Posted August 31, 2007

Oh... btw - I did the Kaspersky online scan as well yezzzterday night - took some hours. But it did find those two entries:

C:\Program\http\fp2006-final-3.00-setup.exe/file1626 Infected: not-virus:BadJoke.JS.RJump skipped
C:\Program\http\fp2006-final-3.00-setup.exe Inno: infected - 1 skipped

Just delete in safe mode?

jwbirdsong Posted September 6, 2007

> Just delete in safe mode?

Yeah

Sorry, it appears I didn't get a notice of your reply.. I'll post after work today. Sorry

jwbirdsong Posted September 7, 2007 (edited)

Copy the following to Notepad (make sure your 1st line is REGEDIT4) and save it to your desktop as "fix.reg"... when naming the file make sure to use quotes just as I did.

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{02B010E6-F55E-18F9-AFDC-5F03CBD884E6}]
[-HKEY_CLASSES_ROOT\CLSID\{07B26288-C681-0065-E065-8201DD28A761}]
[-HKEY_CLASSES_ROOT\CLSID\{30E404C8-9E52-6BCC-07B7-75B62569A989}]
[-HKEY_CLASSES_ROOT\CLSID\{3675715F-7D53-0434-2B54-B10B3458B832}]
[-HKEY_CLASSES_ROOT\CLSID\{37D770DC-7684-506E-506F-B70AAFEB6F95}]
[-HKEY_CLASSES_ROOT\CLSID\{3B54F794-786F-0118-4FF7-2319A73AE336}]
[-HKEY_CLASSES_ROOT\CLSID\{42B4125A-8456-E674-1EAB-F008B3833B7C}]
[-HKEY_CLASSES_ROOT\CLSID\{44E34F5D-DD47-7872-AC46-520661BABE29}]
[-HKEY_CLASSES_ROOT\CLSID\{48014569-86A0-09D2-B74C-68DFC89AB093}]
[-HKEY_CLASSES_ROOT\CLSID\{5367AF43-53A3-260E-9D79-0CDB4035A008}]
[-HKEY_CLASSES_ROOT\CLSID\{5F4C15AC-0058-5C3E-822D-742B4125A084}]
[-HKEY_CLASSES_ROOT\CLSID\{61BA9713-4C7D-321C-7CDA-2D19B793429D}]
[-HKEY_CLASSES_ROOT\CLSID\{7060FA14-0E29-B33B-569A-AC425430C19B}]
[-HKEY_CLASSES_ROOT\CLSID\{77E75C18-2847-DA08-D856-8452824004C7}]
[-HKEY_CLASSES_ROOT\CLSID\{7CDBEDA5-3DCB-A735-5055-0A014758ED6B}]
[-HKEY_CLASSES_ROOT\CLSID\{7DD85366-D791-988B-E591-E8766F46FA72}]
[-HKEY_CLASSES_ROOT\CLSID\{7E35BA92-B311-70A1-8E0E-EE430F0CC372}]
[-HKEY_CLASSES_ROOT\CLSID\{822904F6-6515-F4CA-FCA6-3DD79347C0E0}]
[-HKEY_CLASSES_ROOT\CLSID\{847C1672-FB03-7621-DD34-036D3E8460FD}]
[-HKEY_CLASSES_ROOT\CLSID\{8A211D0F-A737-38A0-EA0A-D2480CDBEF01}]
[-HKEY_CLASSES_ROOT\CLSID\{9D6A4232-5595-7E6F-2779-C942DCAB8455}]
[-HKEY_CLASSES_ROOT\CLSID\{A66DF143-F487-E2C9-232E-3D99CC47A72F}]
[-HKEY_CLASSES_ROOT\CLSID\{B756513C-B2A5-1805-60FF-E40570DBC936}]
[-HKEY_CLASSES_ROOT\CLSID\{BCC63C42-67AA-A5DB-877D-963D27AD9AFA}]
[-HKEY_CLASSES_ROOT\CLSID\{BE39619D-2F5C-5C5D-24AA-44CE33AF3E2B}]
[-HKEY_CLASSES_ROOT\CLSID\{E66F4233-2A70-2CDE-18E8-550B593208D5}]
[-HKEY_CLASSES_ROOT\CLSID\{F322A8AF-EF0E-13F8-1E57-1BF7314624F9}]
[-HKEY_CLASSES_ROOT\CLSID\{F82406AA-AA26-0FEF-2943-600622AB7AB5}]
[-HKEY_CLASSES_ROOT\CLSID\{FD4A74BF-5712-24E2-4DA7-6711D4FD291B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

If saved correctly it should have an icon like this

Go to the desktop and Right Click on fix.reg then choose Merge

You will be asked "Are you sure you wish to merge...??" Answer yes.

Reboot and post a new HijackThis log

Edited September 7, 2007 by jwbirdsong: typo

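An added example (not part of the original posts, and not a HijackThis feature): building the deletion file from the log's O2 lines instead of typing it by hand, then linting it for key lines with an unknown hive or a space at the edge of a path component. Unlike the post above, it removes each orphaned CLSID's own subkey under Browser Helper Objects rather than the whole key; the function names and the middle sample entry are assumptions made for the illustration.

```python
import re

HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
# HijackThis 1.99.1 O2 line: "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(r"^O2 - BHO: .*? - \{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}"
                   r"-[0-9A-Fa-f]{12})\} - (.+)$")
KEY_RE = re.compile(r"^\[-?([^\\\]]+)((?:\\[^\\\]]+)*)\]$")

# Two O2 lines from the log above plus one constructed entry that still has a file.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02B010E6-F55E-18F9-AFDC-5F03CBD884E6} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program\Example\helper.dll
O2 - BHO: (no name) - {FD4A74BF-5712-24E2-4DA7-6711D4FD291B} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

def orphan_bho_clsids(hjt_log):
    """CLSIDs of O2 entries whose DLL is gone ("(no file)"), in log order."""
    found = []
    for line in hjt_log.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group(2).strip() == "(no file)" and m.group(1).upper() not in found:
            found.append(m.group(1).upper())
    return found

def build_reg(clsids):
    """REGEDIT4 text removing each CLSID's class key and its BHO subkey."""
    lines = ["REGEDIT4", ""]
    for clsid in clsids:
        lines.append("[-HKEY_CLASSES_ROOT\\CLSID\\{%s}]" % clsid)
        lines.append("[-%s\\{%s}]" % (BHO_KEY, clsid))
    return "\r\n".join(lines) + "\r\n"   # CRLF, as Notepad would save it

def lint_reg(text):
    """(line number, line) for key lines with a bad hive or padded path part."""
    bad = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("["):
            m = KEY_RE.match(line)
            parts = m.group(2).split("\\")[1:] if m else []
            if not m or m.group(1) not in HIVES or any(p != p.strip() for p in parts):
                bad.append((no, line))
    return bad

if __name__ == "__main__":
    reg_text = build_reg(orphan_bho_clsids(SAMPLE_LOG))
    assert lint_reg(reg_text) == []
    print(reg_text)
```

Entries that still point at a file are left out on purpose, so a BHO that may be legitimate is never queued for deletion without a separate look.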