[heir]

Hi

My sons comp has been strange a while.

I'v run through the pre posting guide.

Panda Online scan hangs after 66%
There is a pop-window asking me to choose a profile.
Doesn't matter what I choose in this window - Panda online scan exits

Here is the HJT-log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:22, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tray\wintmr.exe
C:\WINDOWS\system32\cc32\webtmr.exe
C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\cchservice.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Razer\DeathAdder\razertra.exe
C:\Program\Razer\DeathAdder\razerofa.exe
C:\Program\DNA\btdna.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program\Delade filer\Tray\ccexec.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158043479671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197905340828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9990 bytes


Hope you experts finds something so that my son will get a faster comp and get happier

heir



PS.
As I am in training I will follow this cleaning processs closely - as I can view both ends of it.

[Advertisements]

Ah my replacement in training - cool

As it has been a day or so I would like a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Essexboy]

Ah my replacement in training - cool

As it has been a day or so I would like a fresh look at your system

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[heir]

Hi Essexsboy!

Well my sons comp kinda slow and freezes from time to time.
I'm also having problem installing a gaming software dotA- client
I tried to get help in games forum from starjax.
He thought it might be malware. So I'm just making sure before I find the solution to the game installation

And I'll be watching this as practice.

Here are the main.txt

Deckard's System Scanner v20071014.68
Run by Leif on 2008-04-11 23:52:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-04-11 21:52:12 UTC - RP13 - Deckard's System Scanner Restore Point
11: 2008-04-10 22:13:40 UTC - RP12 - Systemkontrollpunkt
10: 2008-04-09 21:55:14 UTC - RP11 - Systemkontrollpunkt
9: 2008-04-08 21:23:06 UTC - RP10 - Removed Google Toolbar for Internet Explorer
8: 2008-04-08 21:19:19 UTC - RP9 - Installed Google Toolbar for Internet Explorer


-- First Restore Point -- 
1: 2008-04-07 16:13:00 UTC - RP2 - start


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Leif.exe) ------------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 23:53:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cchservice.exe
C:\Program\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\tray\wintmr.exe
C:\WINDOWS\system32\cc32\webtmr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Razer\DeathAdder\razerhid.exe
C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
C:\Program\Razer\DeathAdder\razertra.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program\Razer\DeathAdder\razerofa.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\DNA\btdna.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Leif\Skrivbord\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program\Delade filer\Tray\ccexec.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Delade filer\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158043479671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197905340828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207689531_7973aca71da0d6fcbc99b5748363c473&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\system32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program\RealVNC\VNC4\winvnc4.exe


--
End of file - 11789 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SASDIFSV - c:\program\superantispyware\sasdifsv.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
R3 NETGEAR_WG311T_SERVICE (NETGEAR WG311T Wireless Adapter Service) - c:\windows\system32\drivers\wg311tn5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 SASENUM - c:\program\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

S3 CA500AI (TRUST, WDM Still Image Capture, Version 1.3.3.0) - c:\windows\system32\drivers\minbulk.sys (file missing)
S3 CA500AV (TRUST, WDM Video Capture) - c:\windows\system32\drivers\ca500av.sys (file missing)
S3 CtUsbMs (Creative HID USB Filter Driver) - c:\windows\system32\drivers\ctusbms.sys <Not Verified; Creative Technology Pte Ltd; Creative Fatal1ty Mouse>
S3 dump_wmimmc - c:\program\gpotato\flyff\gameguard\dump_wmimmc.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 NETGEAR_WG311_SERVICE (NETGEAR WG311 Wireless PCI Adapter Service) - c:\windows\system32\drivers\wg311nd5.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 RushTopDevice - c:\program\msi\core center\rushtop.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 nTuneService (nTune Service) - c:\program\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 STI Simulator - c:\windows\system32\pastisvc.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-31 20:00:00	   620 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Kör fullständig systemsökning - Leif.job


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-08 23:19:46		 0 d-------- C:\WINDOWS\Sun
2008-04-08 23:19:46		 0 d-------- C:\Documents and Settings\Leif\Application Data\Sun
2008-04-08 23:19:21		 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-08 23:18:24		 0 d-------- C:\Program\Java
2008-04-08 23:17:37		 0 d-------- C:\Program\Delade filer\Java
2008-04-08 22:20:09		 0 d-------- C:\Program\Trend Micro
2008-04-08 18:01:19		 0 d-------- C:\Documents and Settings\Joakim\Application Data\Grisoft
2008-04-08 07:00:47		 0 d-------- C:\Program\Panda Security
2008-04-07 20:52:56		 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 20:52:45		 0 d-------- C:\Program\SUPERAntiSpyware
2008-04-07 20:52:45		 0 d-------- C:\Documents and Settings\Leif\Application Data\SUPERAntiSpyware.com
2008-04-07 18:24:28		 0 d-------- C:\Documents and Settings\Leif\Application Data\Grisoft
2008-04-07 18:24:10		 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-06 17:58:10		 0 d-------- C:\Program\DotA Gaming Network
2008-03-23 22:19:57		 0 d-------- C:\Program\StepMania CVS
2008-03-16 16:34:05		 0 d-------- C:\Anime


-- Find3M Report ---------------------------------------------------------------

2008-04-11 23:53:47		 0 d-------- C:\Program\Delade filer\Symantec Shared
2008-04-11 23:47:02		 0 d-------- C:\Documents and Settings\Leif\Application Data\DNA
2008-04-11 23:46:24	   284 --ah----- C:\WINDOWS\system32\SWCTL.DLL
2008-04-09 07:15:18		 0 d-------- C:\Program\Google
2008-04-08 23:17:37		 0 d-------- C:\Program\Delade filer
2008-04-08 23:01:26		 0 d-------- C:\Program\Warcraft III
2008-04-08 22:47:04		 0 d-------- C:\Program\Maxis
2008-04-08 22:34:56		 0 d--h----- C:\Program\InstallShield Installation Information
2008-04-08 22:33:49		 0 d-------- C:\Program\WebEye
2008-04-08 22:33:19		 0 d-------- C:\Program\VP-EYE
2008-04-07 20:52:25		 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-04-06 22:05:48		 0 d-------- C:\Program\StepMania
2008-04-06 21:42:43		 0 d-------- C:\Program\StepMania 3.95 Mod
2008-03-30 11:12:04	422164 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-03-30 11:12:04	 81616 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-03-27 17:25:53		 0 d-------- C:\Documents and Settings\Leif\Application Data\U3
2008-03-25 15:41:45		 0 d-------- C:\Program\WhatPulse
2008-02-14 20:05:24	 69528 --a------ C:\WINDOWS\War3Unin.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51	316784	--a------	C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 19:17	116088	--a------	C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Gear311T"="C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-11-11 19:29]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-13 22:32 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-09-13 22:32 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2006-09-13 22:32 C:\WINDOWS\Alcmtr.exe]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"InCD"="C:\Program\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"NVIDIA nTune"="C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-05-01 15:43]
"RegistryMechanic"="" []
"Logitech Hardware Abstraction Layer"="C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-05-29 17:05]
"DeathAdder"="C:\Program\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40]
"ChicoSys"="C:\WINDOWS\system32\cc32\webtmr.exe" [2007-11-27 21:02]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2008-01-31 14:15]
"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" [2007-08-24 22:53]
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34]
"CCWinTray"="C:\WINDOWS\Tray\wintmr.exe" [2007-11-27 21:02]
"BitTorrent DNA"="C:\Program\DNA\btdna.exe" [2008-04-11 23:46]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-08 18:40]

C:\Documents and Settings\Leif\Start-meny\Program\Autostart\
Adobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"DisableClock"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoMultiIE"=0 (0x0)
"LWA"=0 (0x0)
"LWB"=0 (0x0)
"LWC"=0 (0x0)
"LWD"=0 (0x0)
"LWE"=0 (0x0)
"LWF"=0 (0x0)
"LWG"=0 (0x0)
"LWH"=0 (0x0)
"LWI"=0 (0x0)
"LWJ"=0 (0x0)
"LWK"=0 (0x0)
"LWL"=0 (0x0)
"LWM"=0 (0x0)
"LWN"=0 (0x0)
"LWO"=0 (0x0)
"LWP"=0 (0x0)
"LWQ"=0 (0x0)
"LWR"=0 (0x0)
"LWS"=0 (0x0)
"LWT"=0 (0x0)
"LWU"=0 (0x0)
"LWV"=0 (0x0)
"LWW"=0 (0x0)
"LWX"=0 (0x0)
"LWY"=0 (0x0)
"LWZ"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\Program\Delade filer\Tray\ccexec.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2008-04-08 18:40 294912 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Snabbstarta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program\valve\steam\steam.exe" -silent


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef9884f-8613-11dc-a9af-0016176d8f6a}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b45f6aa-6080-11dc-a965-0016176d8f6a}]
AutoRun\command- I:\LaunchU3.exe -a

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-11 23:54:52 ------------

and here the extra.txt

[code=auto:0]Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1023.36 MiB / 478 MiB
Pagefile Memory (total/avail): 2460.36 MiB / 1850.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 117.34 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250823A - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installerbart filsystem - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\HPONICIFS01.EXE"="D:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program\\Valve\\Steam\\SteamApps\\b43qqqqqq\\counter-strike source\\hl2.exe"="C:\\Program\\Valve\\Steam\\SteamApps\\b43qqqqqq\\counter-strike source\\hl2.exe:*:Disabled:hl2"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program\\DNA\\btdna.exe"="C:\\Program\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program\\BitTorrent\\bittorrent.exe"="C:\\Program\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Leif\Application Data
CLASSPATH=C:\Program\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=JOAKIMS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Leif
LANG=C
LOGONSERVER=\\JOAKIMS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Support Tools\;C:\Program\Delade filer\Adobe\AGL;C:\Program\Delade filer\Teleca Shared;C:\Program\Delade filer\GTK\2.0\bin;C:\Program\QuickTime\QTSystem\;C:\Program\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Leif\LOKALA~1\Temp
TMP=C:\DOCUME~1\Leif\LOKALA~1\Temp
USERDOMAIN=JOAKIMS
USERNAME=Leif
USERPROFILE=C:\Documents and Settings\Leif
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Leif [I](admin)[/I]
Joakim
Test
kalle [I](new local)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (endast avinstallation) --> "C:\Program\Delade filer\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASUS Enhanced Display Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS GameFace Library --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS GameLiveShow --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS SmartDoctor --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033
ASUS Utilities --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1053
ASUS VideoSecurity Online --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
AVG Anti-Spyware 7.5 --> C:\Program\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVIConverter 3.0 --> C:\Program\AVIConverter\uninst.exe
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
Chessmaster 10th Edition --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Child Control --> C:\Program\Salfeld\Chico07\chicoset.exe /uninstall
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DNA --> "C:\Program\DNA\btdna.exe" /UNINSTALL
DotA Client Build b1.8 (Final Beta) --> "C:\Program\DotA Gaming Network\unins000.exe"
Elasto Mania --> C:\Program\ELASTO~1\UNWISE.EXE C:\Program\ELASTO~1\INSTALL.LOG
Fraps --> "C:\Program\Fraps\uninstall.exe"
Frets On Fire --> "C:\Program\Frets on Fire\Uninstall.exe"
GameFace Messenger --> C:\WINDOWS\iun6002.exe "C:\Program\GameFace Messenger\irunin.ini"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GG E-Sports Platform --> C:\Program\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ 2.10.6-1 runtime environment --> "C:\Program\Delade filer\GTK\2.0\setup\unins000.exe"
Hamachi 1.0.2.1 --> C:\Program\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech SetPoint --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x1d -removeonly
MGI PhotoSuite III SE (Remove Only) --> "C:\Program\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
MGI VideoWave III (Remove Only) --> C:\WINDOWS\IsUninst.exe -fC:\Program\MGI\VideoWave\Uninst.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Standard --> MsiExec.exe /I{9112041D-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program\mIRC\mirc.exe" -uninstall
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR Wireless Adapter WG311T --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A49306CE-84C6-4024-BAD2-80FE34679069}\Setup.exe" -l0x9
Norton Add-on Pack (Symantec Corporation) --> "C:\Program\Delade filer\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_0_0_61\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program\Delade filer\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1053
Panda ActiveScan 2.0 --> C:\Program\Panda Security\ActiveScan 2.0\as2uninst.exe
Parental Control --> MsiExec.exe /I{66B9BD1F-4189-4f35-BD82-9948720A04CF}
QuickTime --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1053
Razer DeathAdder(TM) Mouse --> C:\Program\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1d -removeonly
Registry Mechanic 6.0 --> "C:\Program\Registry Mechanic\unins000.exe"
Sansa Media Converter --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x1d
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.

[heir]

Dam it the extra.txt got cut off in the end.

Are the rest of this log needed?
In that case You'll get in morning cause my sons going to sleep.
(This is typed from my comp)

(Ah saw you Rorschah112 taking a peek at this log)

heir

[heir]

Here comes a complete extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Swedish

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1023.36 MiB / 478 MiB
Pagefile Memory (total/avail): 2460.36 MiB / 1850.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 117.34 GiB free. 
D: is CDROM (No Media)
E: is CDROM (Unformatted)
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250823A - 232.88 GiB - 1 partition
  \PARTITION0 (bootable) - Installerbart filsystem - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v15.0.0.60 (Symantec Corporation)
AV: Norton Internet Security v15.0.0.60 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\setup\\HPZNET01.EXE"="D:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\\setup\\HPONICIFS01.EXE"="D:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program\\Valve\\Steam\\SteamApps\\b43qqqqqq\\counter-strike source\\hl2.exe"="C:\\Program\\Valve\\Steam\\SteamApps\\b43qqqqqq\\counter-strike source\\hl2.exe:*:Disabled:hl2"
"C:\\Program\\MSN Messenger\\msncall.exe"="C:\\Program\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program\\DNA\\btdna.exe"="C:\\Program\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program\\BitTorrent\\bittorrent.exe"="C:\\Program\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Leif\Application Data
CLASSPATH=C:\Program\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=JOAKIMS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Leif
LANG=C
LOGONSERVER=\\JOAKIMS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Support Tools\;C:\Program\Delade filer\Adobe\AGL;C:\Program\Delade filer\Teleca Shared;C:\Program\Delade filer\GTK\2.0\bin;C:\Program\QuickTime\QTSystem\;C:\Program\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Leif\LOKALA~1\Temp
TMP=C:\DOCUME~1\Leif\LOKALA~1\Temp
USERDOMAIN=JOAKIMS
USERNAME=Leif
USERPROFILE=C:\Documents and Settings\Leif
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Leif [I](admin)[/I]
Joakim
Test
kalle [I](new local)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\Program\Lavasoft\AD-AWA~1\UNWISE.EXE C:\Program\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (endast avinstallation) --> "C:\Program\Delade filer\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ASUS Enhanced Display Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9  -removeonly
ASUS GameFace Library --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D} 
ASUS GameLiveShow --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995} 
ASUS SmartDoctor --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033 
ASUS Utilities --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1053 
ASUS VideoSecurity Online --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7} 
AVG Anti-Spyware 7.5 --> C:\Program\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVIConverter 3.0 --> C:\Program\AVIConverter\uninst.exe
Bonus --> MsiExec.exe /I{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}
CC_ccProxyExt --> MsiExec.exe /I{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
ccPxyCore --> MsiExec.exe /I{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}
Chessmaster 10th Edition --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F} 
Child Control --> C:\Program\Salfeld\Chico07\chicoset.exe /uninstall
CIB --> MsiExec.exe /I{E8176C35-0C2D-4142-9ED4-81861ECAB403}
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Counter-Strike(TM) --> MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DNA --> "C:\Program\DNA\btdna.exe" /UNINSTALL
DotA Client Build b1.8 (Final Beta) --> "C:\Program\DotA Gaming Network\unins000.exe"
Elasto Mania --> C:\Program\ELASTO~1\UNWISE.EXE C:\Program\ELASTO~1\INSTALL.LOG
Fraps --> "C:\Program\Fraps\uninstall.exe"
Frets On Fire --> "C:\Program\Frets on Fire\Uninstall.exe"
GameFace Messenger --> C:\WINDOWS\iun6002.exe "C:\Program\GameFace Messenger\irunin.ini"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GG E-Sports Platform --> C:\Program\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
GTK+ 2.10.6-1 runtime environment --> "C:\Program\Delade filer\GTK\2.0\setup\unins000.exe"
Hamachi 1.0.2.1 --> C:\Program\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech SetPoint --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x1d  -removeonly
MGI PhotoSuite III SE (Remove Only) --> "C:\Program\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
MGI VideoWave III (Remove Only) --> C:\WINDOWS\IsUninst.exe -fC:\Program\MGI\VideoWave\Uninst.isu
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Standard --> MsiExec.exe /I{9112041D-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program\mIRC\mirc.exe" -uninstall
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR Wireless Adapter WG311T --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A49306CE-84C6-4024-BAD2-80FE34679069}\Setup.exe" -l0x9 
Norton Add-on Pack (Symantec Corporation) --> "C:\Program\Delade filer\Symantec Shared\SymSetup\{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}_2_0_0_61\Setup.exe" /X
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{D4BB907A-623E-4F07-8787-041ABAE088E4}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program\Delade filer\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA nTune --> C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1053 
Panda ActiveScan 2.0 --> C:\Program\Panda Security\ActiveScan 2.0\as2uninst.exe
Parental Control --> MsiExec.exe /I{66B9BD1F-4189-4f35-BD82-9948720A04CF}
QuickTime --> C:\Program\DELADE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1053 
Razer DeathAdder(TM) Mouse --> C:\Program\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1d  -removeonly
Registry Mechanic 6.0 --> "C:\Program\Registry Mechanic\unins000.exe"
Sansa Media Converter --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x1d 
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB913433) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Media Manager 2.2 --> MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Vegas 7.0 --> MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only) --> "C:\Program\StepMania\uninstall.exe"
StepMania CVS (remove only) --> "C:\Program\StepMania CVS\uninstall.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The GIMP 2.2.13 --> "C:\Program\GIMP-2.0\unins000.exe"
UnzipThemAll 1.3 --> "C:\Program\UnzipThemAll\unins000.exe"
Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WC3Banlist --> "C:\Program\WC3Banlist\unins000.exe"
Ventrilo --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
WinPcap 4.0.2 --> C:\Program\WinPcap\uninstall.exe
VNC Free Edition 4.1.2 --> "C:\Program\RealVNC\VNC4\unins000.exe"
World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type10826 / Error
Event Submitted/Written: 04/11/2008 11:51:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program iexplore.exe, version 7.0.6000.16608, felaktig modul unknown, version 0.0.0.0, felaktig adress 0x022b1001.
Mediespecifik händelse behandlas för [iexplore.exe!ws!]

Event Record #/Type10821 / Warning
Event Submitted/Written: 04/11/2008 11:44:43 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10672 / Warning
Event Submitted/Written: 04/10/2008 07:10:07 AM / 04/10/2008 07:10:08 AM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10596 / Warning
Event Submitted/Written: 04/09/2008 07:16:01 AM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10576 / Error
Event Submitted/Written: 04/08/2008 11:22:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Felaktigt program iexplore.exe, version 7.0.6000.16608, felaktig modul googletoolbar1.dll, version 4.0.1306.3130, felaktig adress 0x00061c75.
Mediespecifik händelse behandlas för [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type80563 / Error
Event Submitted/Written: 04/11/2008 11:47:42 PM
Event ID/Source: 8032 / BROWSER
Event Description:
Tjänsten Browser har misslyckats för många gånger med att hämta backup-listan på transporten \Device\NetBT_Tcpip_{4BBADA5E-5FF9-4758-8948-DECA7AD1F5AB}.
Backup-browsern stoppas.

Event Record #/Type80545 / Error
Event Submitted/Written: 04/11/2008 11:45:56 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på grund av följande fel: 
%%1053

Event Record #/Type80544 / Error
Event Submitted/Written: 04/11/2008 11:45:56 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk LiveUpdate-schemaläggare ska ansluta.

Event Record #/Type80543 / Warning
Event Submitted/Written: 04/11/2008 11:45:34 PM
Event ID/Source: 8021 / BROWSER
Event Description:
Tjänsten Browser kunde inte erhålla listan med servrar från master browser \\LEIFS på nätverk \Device\NetBT_Tcpip_{4BBADA5E-5FF9-4758-8948-DECA7AD1F5AB}.
Datan är felkoden.

Event Record #/Type80515 / Error
Event Submitted/Written: 04/10/2008 06:40:01 PM
Event ID/Source: 8032 / BROWSER
Event Description:
Tjänsten Browser har misslyckats för många gånger med att hämta backup-listan på transporten \Device\NetBT_Tcpip_{4BBADA5E-5FF9-4758-8948-DECA7AD1F5AB}.
Backup-browsern stoppas.



-- End of Deckard's System Scanner: finished at 2008-04-11 23:54:52 ------------

I know its a swedish OS.
If you need something translated just let me know.
I'm the chat room also - not so much to day then - were celebrating me and my mother in law birthdays.

heir

Edited by heir, 12 April 2008 - 02:59 AM.

[Essexboy]

Hi again heir hope you didn't drink too much

OK I found a suspicious driver that research indicates is malicious. However, on the gamebound forum they insist it is not and is used to circumvent AVG detections. There is this link here for that http://forums.ijji.c...ad.php?t=161849

But for me I would tend to agree with Prevx http://fileinfo.prev...WMIMMC.SYS.html 'cos a programme that needs to divert your Antivirus is in my books definitely a no no

By the way you are getting more information than normal as you are under training I am a softie

So I will delete the driver using combofix :

First download Combofix from Here or Here to your Desktop.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
dump_wmimmc

File::
c:\program\gpotato\flyff\gameguard\dump_wmimmc.sys

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

[heir]

No, no drinks at all
Just a family party lunch and some coffee and cake afterwords. So I have to settle with a virtual

I'm raising my three children myself so there are seldom any opportunity to have a drink or two.

Thanks for the extra info you provide me. you must be a softie. And I appreciate it

If and when the logs looks fine, could help me speeding up the log-on process. If it's even possible.
It takes awful long time to log-on. Maybe there are some optionals that can be fixed to improve he speed?

By the way before combofix rebooted there was a message that catchme.cfexe couldn't be run. I think it was a missing dll in the message but i hadn't time to read it and memorize it.

Combofix.txt (had to look for this one - wasn't that hard to find)

ComboFix 08-04-11.8 - Leif 2008-04-12 17:31:05.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1053.18.463 [GMT 2:00]Running from: C:\Documents and Settings\Leif\Skrivbord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Leif\Skrivbord\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
c:\program\gpotato\flyff\gameguard\dump_wmimmc.sys
.
TimedOut: progfile.dat 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\SWCTL.DLL

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Legacy_DUMP_WMIMMC
-------\Service_ccEvtMgr
-------\Service_dump_wmimmc


(((((((((((((((((((((((((   Files Created from 2008-03-12 to 2008-04-12  )))))))))))))))))))))))))))))))
.

2008-04-11 23:51 . 2008-04-11 23:51	<KAT>	d--------	C:\Deckard
2008-04-08 23:19 . 2008-04-08 23:19	<KAT>	d--------	C:\WINDOWS\Sun
2008-04-08 23:19 . 2008-02-22 02:33	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-04-08 23:18 . 2008-04-08 23:19	<KAT>	d--------	C:\Program\Java
2008-04-08 23:17 . 2008-04-08 23:17	<KAT>	d--------	C:\Program\Delade filer\Java
2008-04-08 22:20 . 2008-04-08 22:20	<KAT>	d--------	C:\Program\Trend Micro
2008-04-08 18:01 . 2008-04-08 18:01	<KAT>	d--------	C:\Documents and Settings\Joakim\Application Data\Grisoft
2008-04-08 07:00 . 2008-04-08 07:01	<KAT>	d--------	C:\Program\Panda Security
2008-04-07 20:52 . 2008-04-08 18:40	<KAT>	d--------	C:\Program\SUPERAntiSpyware
2008-04-07 20:52 . 2008-04-07 20:52	<KAT>	d--------	C:\Documents and Settings\Leif\Application Data\SUPERAntiSpyware.com
2008-04-07 20:52 . 2008-04-07 20:52	<KAT>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-07 18:24 . 2008-04-07 18:24	<KAT>	d--------	C:\Documents and Settings\Leif\Application Data\Grisoft
2008-04-07 18:24 . 2008-04-07 18:24	<KAT>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-07 18:24 . 2007-05-30 14:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-06 17:58 . 2008-04-06 17:58	<KAT>	d--------	C:\Program\DotA Gaming Network
2008-03-27 19:37 . 1996-05-03 22:05	28,672	--a------	C:\WINDOWS\system32\MsgHoo32.OCX
2008-03-23 22:19 . 2008-03-23 22:29	<KAT>	d--------	C:\Program\StepMania CVS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 15:41	---------	d-----w	C:\Documents and Settings\Leif\Application Data\DNA
2008-04-12 15:31	---------	d-----w	C:\Program\Delade filer\Symantec Shared
2008-04-12 13:37	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 05:15	---------	d-----w	C:\Program\Google
2008-04-08 21:01	---------	d-----w	C:\Program\Warcraft III
2008-04-08 20:47	---------	d-----w	C:\Program\Maxis
2008-04-08 20:34	---------	d--h--w	C:\Program\InstallShield Installation Information
2008-04-08 20:33	---------	d-----w	C:\Program\VP-EYE
2008-04-08 20:33	---------	d-----w	C:\Program\WebEye
2008-04-07 18:52	---------	d-----w	C:\Program\Delade filer\Wise Installation Wizard
2008-04-06 20:05	---------	d-----w	C:\Program\StepMania
2008-04-06 19:42	---------	d-----w	C:\Program\StepMania 3.95 Mod
2008-03-27 15:25	---------	d-----w	C:\Documents and Settings\Leif\Application Data\U3
2008-03-25 13:41	---------	d-----w	C:\Program\WhatPulse
2008-03-06 20:32	706	----a-w	C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 20:32	23,904	----a-w	C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 20:32	10,537	----a-w	C:\WINDOWS\system32\drivers\coh_mon.cat
2006-09-28 08:41	24,944	----a-w	C:\Documents and Settings\Joakim\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51	316784	--a------	C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 19:17	116088	--a------	C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:34 15360]
"CCWinTray"="C:\WINDOWS\Tray\wintmr.exe" [2007-11-27 21:02 4217080]
"BitTorrent DNA"="C:\Program\DNA\btdna.exe" [2008-04-11 23:46 288576]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-08 18:40 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AS00_Gear311T"="C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe" [2004-11-11 19:29 475136]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-13 22:32 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-09-13 22:32 2879488 C:\WINDOWS\SkyTel.exe]
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"NVIDIA nTune"="C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-05-01 15:43 81920]
"RegistryMechanic"="" []
"Logitech Hardware Abstraction Layer"="C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 13:03 94208]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-05-29 17:05 155648]
"DeathAdder"="C:\Program\Razer\DeathAdder\razerhid.exe" [2007-05-07 17:40 159744]
"ChicoSys"="C:\WINDOWS\system32\cc32\webtmr.exe" [2007-11-27 21:02 3821304]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"!AVG Anti-Spyware"="C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:34 15360]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2008-04-08 18:40 294912 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Snabbstarta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-07 18:41 57344 C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-04 21:52 1271032 c:\program\valve\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program\\Valve\\Steam\\SteamApps\\b43qqqqqq\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=
"C:\\Program\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 13:32]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 Windows-CCHook-Service;Windows-CCHook-Service;C:\WINDOWS\system32\cchservice.exe [2004-08-04 01:34]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-11 17:43]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 06:46]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311tn5.sys [2004-08-13 16:37]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 12:49]
S3 CA500AI;TRUST, WDM Still Image Capture, Version 1.3.3.0;C:\WINDOWS\system32\Drivers\MinBULK.sys []
S3 CA500AV;TRUST, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CA500AV.SYS []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 CtUsbMs;Creative HID USB Filter Driver;C:\WINDOWS\system32\DRIVERS\CtUsbMs.Sys [2005-10-26 18:30]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;C:\WINDOWS\system32\DRIVERS\wg311nd5.sys []
S3 RushTopDevice;RushTopDevice;C:\Program\MSI\Core Center\RushTop.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef9884f-8613-11dc-a9af-0016176d8f6a}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b45f6aa-6080-11dc-a965-0016176d8f6a}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Kör fullständig systemsökning - Leif.job"

HJT-log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cchservice.exe
C:\Program\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Ahead\InCD\InCD.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Razer\DeathAdder\razerhid.exe
C:\Program\Razer\DeathAdder\razertra.exe
C:\Program\Razer\DeathAdder\razerofa.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\cc32\webtmr.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\tray\wintmr.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\DNA\btdna.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program\Delade filer\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158043479671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197905340828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207689531_7973aca71da0d6fcbc99b5748363c473&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10523 bytes

And thx for your help

heir

[Essexboy]

Nothing else jumps out and bites me from that log

But I will just run MBAM to clear the registry of any orphans

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Whilst you are doing that I will look at trimming your startup options and see how to make you a little bit faster

[heir]

Hi Essexboy

That took a while.
I coudn't update MBAM
Got some help from jwbirdsong on the chat

I had to uninstall NIS 2008
Update MBAM
Reinstall NIS 2008

So here is the log

Malwarebytes' Anti-Malware 1.11
Databasversion: 617

Skanningstyp: Snabb skanning
Antal skannade objekt: 37740
Förfluten tid: 7 minute(s), 7 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

I'll translate the swedish for you - It was clean!

Why by the way is the program in swedish - I choosed English when I installed it - Strange?
Edit - Found the setting to change language in MBAM - Strange though that it was in swedish when I choosed english?

So lets see if you have some timming options for me

heir

Edited by heir, 12 April 2008 - 02:24 PM.

[Essexboy]

I had to uninstall NIS 2008
Update MBAM
Reinstall NIS 2008

Why was this ?

Now the best part of the day ----- Your log now appears clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe

OK Speedy time. The following are non-essential startup items. By using Hijackthis you can restore them from backup later if needed. The programmes themselves are not affected, all this means is that they will start when you want them to

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


THEN

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

AND FINALLY

Download, install and run Tuneup Utilities 2008

Select Free up disk space

Select Unneccesary files and backups then clean

Select Maintain Windows

Run Drive Defrag

Run Tune Up registry clean up

Then run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Select Increase performance

Run the internet Optimiser to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click Increase performance then system optimizer to run system advisor

Let me know how that goes

[heir]

Hi Essexboy!

I had to uninstall NIS 2008
Update MBAM
Reinstall NIS 2008

Why was this ?

For some reason when I've installed MBAM and tried to update - there were no connection to Internet.
I tried to just google - no connection. And and the plug-in for Norton (the toolbar was missing)
I tried almost everything - uninstalling - reinstalling - rebooting - same result.

(But after my optimization - i reckon the comp was messed up and . )

So I suggested to jwbirdsong on the chat and he agreed that i should try this, although he didn't agree on reinstalling NIS2008.( I'm not surprised)
Now after reinstalling NIS2008 I tried to update MBAM - no problems at all.

So there is no issue with NIS 2008 and MBAM update.

But I'm considering to replace NIS 2008 - suggestion from jwbirdsong

As you understand I've done the optimization.
I'm doing remotely though (using VNC). Didn't want to wake up my son. Comp is in his room.
But it seems faster now.

Powerful tools, Combofix and MBAM - Looking forward to learn how to use them.

I'm gonna let my son test the comp today (gamer) to get his opinion.
So could you keep this open until I post a confirmation, that would be great.

I'm having a game issue also for this comp with starjax in the game forum. I'm gonna pick that up now
I also want some help with the setup of the Nvidia graphics card - So I'll make a visit in the hardware forum too.

By the way I wont replace you - just complement.
Cause you're not leaving are you?

Many thx from a in training thats yet!



heir

[Essexboy]

Spooky that as we touched nothing to do with Norton Yep I'll keep this open for a day or so more

[heir]

By the way

The tools we installed can be unistalled and removed know as they are no longer needed right?

HiJackThis
MBAM
DSS

But I'll keep Tune up for the trail period

heir

[Essexboy]

Yep sure can - although MBAM is good as an occasional standalone scanner - don't forget to update before use though if you keep it

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.