please help i can´t use windows update [RESOLVED]


  • This topic is locked

#1
satin1711

  • Member
  • 11 posts
Hey

I am from Finland and my computer has been blocking my Windows Update page. First it went to the page but could not download; then, when I press Windows Update now, I get www.msn.fi, and Office doesn't update either. And when I try to download WXP SP3 FIN from Microsoft I get page not there: I get to the download button, but when I press that the pop-up says page not found. I also had a little problem with antivirus2008 xp or whatever it is called; I think I got it all out.
Sorry if my English is sometimes bad, but I speak Finnish and my computer is also Finnish.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:24, on 7.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1205485810312
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3A07B7-0280-48E9-B03F-6516186EA1A3}: NameServer = 85.255.115.26,85.255.112.25
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.26 85.255.112.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.26 85.255.112.25
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7679 bytes

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "runscan" and save it to your desktop. You will see the .run file on your desktop. Upload that file here. If the forum doesn't let you upload it, then please zip the .run file by right-clicking and selecting Send to Zip file.

Then upload that as an attachment in your next post (you have to zip the .run file to upload it here).

#3
satin1711

  • Topic Starter
  • Member
  • 11 posts
Hey

I did get WXP SP3 to work because I downloaded it from a PC magazine website, but the rest are the same.

Attached File: runscan.zip (92.73KB, 127 downloads)

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download the attachment at the end of this post (this will be your runscanner file fixed by me).

  • Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
  • You will notice several entries in red.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC




Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Also tell me how your PC is running.

#5
satin1711

  • Topic Starter
  • Member
  • 11 posts
Hey


Well, I can now get to the Windows Update and Office Update pages and install updates, and install everything in the Windows Live Mail install screen but the mail program itself.
But I still have one thing missing. After the antivirus xp 2007, my chance to change my screen saver or anything from the appearance tabs is gone. When I click on the screen and then click Properties I get only 3 tabs: themes, what colour my windows will be (appearance), and where I put my screen's numbers (mine is 1024 x 768) and how many colour bits (mine is 32). I read this advice to go to run start and then type Gpedit.msc and there I could change that, but my computer says it doesn't find it. But at least everything else is working OK.




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 479.48 MiB / 178.24 MiB
Pagefile Memory (total/avail): 1122.27 MiB / 869.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1871.57 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 122.64 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 149.05 GiB total, 122.32 GiB free.

\\.\PHYSICALDRIVE0 - ST3160212A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 149.05 GiB - C:

\\.\PHYSICALDRIVE2 - HP Photosmart 2575 USB Device

\\.\PHYSICALDRIVE1 - ST916082 1AS USB Device - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 149.05 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sami\Application Data
CLASSPATH=.;C:\Program Files\JavaSoft\JRE\1.3.1_18\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4C120CB4AD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sami
LOGONSERVER=\\YOUR-4C120CB4AD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\JavaSoft\JRE\1.3.1_18\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sami\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sami\LOCALS~1\Temp
USERDOMAIN=YOUR-4C120CB4AD
USERNAME=Sami
USERPROFILE=C:\Documents and Settings\Sami
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sami (admin)
Järjestelmänvalvoja (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\InstallShield Installation Information\{3AD59E07-5D54-4142-8505-62889FEDFA59}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040B-0000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player --> msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ancient Quest of Saqqarah --> "C:\Program Files\Ancient Quest of Saqqarah\Uninstall.exe"
Apple Mobile Device Support -tuki --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Buku Dominoes --> "C:\Program Files\Buku Dominoes\Uninstall.exe"
BVS Solitaire Collection --> "C:\Program Files\BVS Solitaire Collection\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike 1.6 V31.1 --> C:\Program Files\Counter-Strike 1.6 V31\Uninstal.exe
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Fairway Solitaire --> "C:\Program Files\Fairway Solitaire\Uninstall.exe"
Fitness Frenzy --> "C:\Program Files\Fitness Frenzy\Uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Jewel Quest Solitaire II --> "C:\Program Files\Jewel Quest Solitaire II\Uninstall.exe"
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0xb
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0xb UNINSTALL
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x000b -removeonly
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Mah Jong Quest III: Balance of Life --> "C:\Program Files\Mah Jong Quest III - Balance of Life\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access Runtime (English) 2007 --> MsiExec.exe /X{90120000-001C-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in beta --> MsiExec.exe /I{DBE4C0B6-E7E8-4985-9E96-081568EFEE7B}
Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0xb
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
PC Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\setup.exe" -l0x9 -removeonly
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Ranch Rush --> "C:\Program Files\Ranch Rush\Uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure --> "C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RTPatch Update --> "C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\unins000.exe"
save2pc Light 3.22 --> "C:\Program Files\FDRLab\save2pc\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Slingo Quest Hawaii --> "C:\Program Files\Slingo Quest Hawaii\Uninstall.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Turtix 2: Rescue Adventures --> "C:\Program Files\Turtix 2 - Rescue Adventures\Uninstall.exe"
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
Whisper 32 --> MsiExec.exe /I{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA Vinyl Audio Codecs Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-pakkausohjelma --> C:\Program Files\WinRAR\uninstall.exe
WinXP Manager --> MsiExec.exe /I{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type6219 / Error
Event Submitted/Written: 07/08/2008 08:54:54 PM
Event ID/Source: 11 / crypt32
Event Description:
Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä Cab-tiedostosta kohteessa; <http://www.download....throotstl.cab>. Virhe: Data ei kelpaa.

Event Record #/Type6204 / Error
Event Submitted/Written: 07/07/2008 04:37:17 PM
Event ID/Source: 5000 / WindowsLiveSetup
Event Description:
wlsetupdiagnosticwindows live writer12.0.1366.1026onsetupjobsourceresolutionend_ 0x8019019412.0.1471.1025NILNILNILNILNILNIL

Event Record #/Type6203 / Error
Event Submitted/Written: 07/07/2008 04:37:17 PM
Event ID/Source: 5000 / WindowsLiveSetup
Event Description:
wlsetupdiagnosticwindows live photo gallery12.0.1308.1023onsetupjobsourceresolutionend_ 0x8019019412.0.1471.1025NILNILNILNILNILNIL

Event Record #/Type6202 / Error
Event Submitted/Written: 07/07/2008 04:37:17 PM
Event ID/Source: 5000 / WindowsLiveSetup
Event Description:
wlsetupdiagnosticwindows live mail12.0.1606.1023onsetupjobsourceresolutionend_ 0x8019019412.0.1471.1025NILNILNILNILNILNIL

Event Record #/Type6200 / Error
Event Submitted/Written: 07/07/2008 04:26:06 PM
Event ID/Source: 5000 / WindowsLiveSetup
Event Description:
wlsetupdiagnosticwindows live mail12.0.1606.1023onsetupjobsourceresolutionend_ 0x8019019412.0.1471.1025NILNILNILNILNILNIL



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33665 / Warning
Event Submitted/Written: 07/08/2008 08:42:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event Record #/Type33643 / Warning
Event Submitted/Written: 07/08/2008 07:13:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event Record #/Type33642 / Warning
Event Submitted/Written: 07/08/2008 06:19:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event Record #/Type33641 / Warning
Event Submitted/Written: 07/08/2008 05:42:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

Event Record #/Type33640 / Warning
Event Submitted/Written: 07/08/2008 04:41:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.



-- End of Deckard's System Scanner: finished at 2008-07-08 20:58:04 ------------

Deckard's System Scanner v20071014.68
Run by Sami on 2008-07-08 20:53:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-07-08 17:53:42 UTC - RP48 - Deckard's System Scanner Restore Point
26: 2008-07-07 18:49:58 UTC - RP47 - Revo Uninstaller's restore point - Adobe AIR
25: 2008-07-07 18:47:37 UTC - RP46 - Revo Uninstaller's restore point - Adobe AIR
24: 2008-07-07 18:45:23 UTC - RP45 - Revo Uninstaller's restore point - Adobe AIR
23: 2008-07-07 13:37:06 UTC - RP44 - Installed Windows Live


-- First Restore Point --
1: 2008-06-29 19:37:58 UTC - RP22 - Järjestelmän tarkistuspiste


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Sami.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:09, on 8.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sami\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sami.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1205485810312
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.26 85.255.112.25
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7690 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ACEDRV05 - c:\windows\system32\drivers\acedrv05.sys <Not Verified; Protect Software GmbH; >
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 SSHDRV65 - c:\windows\system32\drivers\sshdrv65.sys
R1 SSHDRV79 - c:\windows\system32\drivers\sshdrv79.sys <Not Verified; ; ProtectCD>
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 NipSvc (Norman API-hooking helper) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-08 20:51:26 436 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-07-08 20:00:33 364 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2008-07-07 23:42:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-03 03:10:58 370 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-07 16:17:30 0 dr-h----- C:\Documents and Settings\Sami\Recent
2008-07-07 16:09:39 0 d-------- C:\WINDOWS\Prefetch
2008-07-07 15:51:28 0 d-------- C:\WINDOWS\l2schemas
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\fi
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\bits
2008-07-07 15:48:51 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-07 15:38:49 0 d-------- C:\WINDOWS\EHome
2008-07-07 13:58:23 0 d-------- C:\Program Files\PowerISO
2008-07-07 13:34:51 0 d-------- C:\Program Files\nLite
2008-07-07 10:53:27 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-07 10:33:07 0 d-------- C:\Program Files\Trend Micro
2008-07-07 10:18:46 0 d-------- C:\Documents and Settings\Sami\Application Data\Media Player Classic
2008-07-07 10:10:55 0 d-------- C:\Program Files\XP Codec Pack
2008-07-07 10:06:19 0 d-------- C:\Program Files\Yamicsoft
2008-07-07 09:25:23 0 d-------- C:\Documents and Settings\Sami\Application Data\ErrorSmart
2008-07-07 09:18:53 0 d-------- C:\Program Files\Registry Easy
2008-07-07 09:15:30 0 d-------- C:\Documents and Settings\Sami\Application Data\OfficeUpdate12
2008-07-07 08:56:31 3161 --a------ C:\register.bat
2008-07-04 10:45:49 0 d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-07-04 10:42:45 0 d-------- C:\Program Files\BVS Solitaire Collection
2008-07-04 10:42:02 0 d-------- C:\Program Files\Fairway Solitaire
2008-07-04 10:33:30 0 d-------- C:\Program Files\Fitness Frenzy
2008-07-04 10:29:14 0 d-------- C:\Program Files\Jewel Quest Solitaire II
2008-07-04 10:20:40 0 d-------- C:\Program Files\Slingo Quest Hawaii
2008-07-04 10:15:23 0 d-------- C:\Program Files\Ranch Rush
2008-07-04 09:37:37 0 d-------- C:\Program Files\Turtix 2 - Rescue Adventures
2008-06-28 01:52:56 0 d-------- C:\games
2008-06-27 22:20:17 0 d-------- C:\Program Files\Counter-Strike 1.6 V31
2008-06-27 21:52:48 0 d-------- C:\Documents and Settings\Sami\Application Data\Google
2008-06-27 21:41:54 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-27 21:19:48 0 d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-27 21:18:19 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Verkkoympäristö
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Recent(2)
2008-06-27 18:11:47 0 d-------- C:\Program Files\CCleaner
2008-06-27 16:30:47 0 d-------- C:\fsaua.data
2008-06-27 10:49:40 0 d-------- C:\Documents and Settings\Sami\Application Data\Thunderbird
2008-06-27 06:10:33 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-27 05:53:42 0 d-------- C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e
2008-06-27 05:41:40 1962 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-27 05:39:04 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e
2008-06-27 04:54:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Adobe
2008-06-27 04:43:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Malwarebytes
2008-06-27 04:42:16 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-27 04:42:16 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
2008-06-27 04:42:16 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
2008-06-27 04:42:16 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2008-06-27 04:42:16 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-27 04:42:15 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
2008-06-27 04:42:13 786432 --ah----- C:\Documents and Settings\Järjestelmänvalvoja\ntuser.dat
2008-06-27 03:57:29 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 03:28:32 0 d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
2008-06-27 03:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 03:28:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 03:26:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-27 03:03:58 92032 -----n--- C:\WINDOWS\system32\hytoswuv.dll
2008-06-27 02:47:04 0 d-------- C:\WINDOWS\Hidden Expedition Amazon
2008-06-24 00:59:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-24 00:27:24 0 d-------- C:\Program Files\Adobe Media Player
2008-06-24 00:11:17 0 d-------- C:\Program Files\Buku Dominoes
2008-06-23 18:38:24 0 d-------- C:\Program Files\Mah Jong Quest III - Balance of Life
2008-06-18 08:47:04 0 d-------- C:\WINDOWS\Build in Time
2008-06-18 08:38:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-17 19:06:39 0 d-------- C:\Documents and Settings\Sami\Application Data\GamesCafe
2008-06-17 17:48:00 0 d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-16 11:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-09 08:21:02 0 d-------- C:\Documents and Settings\Sami\Incomplete
2008-06-09 08:20:28 0 d-------- C:\Program Files\Conduit
2008-06-09 08:20:22 0 d-------- C:\Documents and Settings\Sami\Application Data\LimeWire Music
2008-06-09 08:04:17 0 d-------- C:\Program Files\inKline Global
2008-06-09 07:10:21 0 d-------- C:\Documents and Settings\Sami\Application Data\Help
2008-06-09 07:07:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-09 06:55:41 0 d-------- C:\Documents and Settings\Sami\Application Data\Uniblue


-- Find3M Report ---------------------------------------------------------------

2008-07-08 20:50:08 0 d-------- C:\Documents and Settings\Sami\Application Data\uTorrent
2008-07-08 15:58:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Meridian93
2008-07-07 22:10:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-07 21:48:02 0 d-------- C:\Program Files\Common Files
2008-07-07 16:14:30 387984 --a------ C:\WINDOWS\system32\perfh00B.dat
2008-07-07 16:14:30 81560 --a------ C:\WINDOWS\system32\perfc00B.dat
2008-07-07 15:51:46 0 d-------- C:\Program Files\Messenger
2008-07-07 15:51:26 0 d-------- C:\Program Files\Movie Maker
2008-07-07 15:48:37 0 d-------- C:\Program Files\Windows NT
2008-07-07 11:26:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 10:13:21 0 d-------- C:\Program Files\Google
2008-06-27 21:25:47 0 d-------- C:\Documents and Settings\Sami\Application Data\Mozilla
2008-06-25 02:44:42 0 d-------- C:\Documents and Settings\Sami\Application Data\ITTNord
2008-06-24 01:24:53 0 d-------- C:\Program Files\RegCure
2008-06-24 01:00:36 0 d-------- C:\Documents and Settings\Sami\Application Data\Adobe
2008-06-09 06:54:43 0 d-------- C:\Program Files\TVUPlayer
2008-06-06 09:23:29 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-06 09:23:19 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-06 09:21:21 0 d-------- C:\Documents and Settings\Sami\Application Data\InstallShield
2008-06-03 10:36:07 0 d-------- C:\Documents and Settings\Sami\Application Data\Flood Light Games
2008-05-31 11:44:10 0 d-------- C:\Documents and Settings\Sami\Application Data\Sun
2008-05-29 23:16:51 0 d-------- C:\Program Files\BFG
2008-05-29 23:07:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Big Fish Games
2008-05-29 01:54:34 0 d-------- C:\Documents and Settings\Sami\Application Data\QSGames
2008-05-26 13:20:26 0 d-------- C:\Program Files\Microsoft
2008-05-24 19:13:50 0 d-------- C:\Documents and Settings\Sami\Application Data\Macromedia
2008-05-23 03:20:09 0 d-------- C:\Documents and Settings\Sami\Application Data\Gaijin Ent
2008-05-21 22:11:06 0 d-------- C:\Documents and Settings\Sami\Application Data\MysteryStudio
2008-05-20 16:59:06 0 d-------- C:\Documents and Settings\Sami\Application Data\Apple Computer
2008-05-12 11:54:51 0 d-------- C:\Documents and Settings\Sami\Application Data\Games
2008-05-12 09:25:35 0 d-------- C:\Documents and Settings\Sami\Application Data\Restorer
2008-05-08 17:34:41 0 d-------- C:\Program Files\iTunes
2008-05-08 17:34:29 0 d-------- C:\Program Files\iPod
2008-05-08 17:32:37 0 d-------- C:\Program Files\QuickTime
2008-05-08 17:20:52 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29.02.2008 03:12 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 02:19]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20.05.2006 13:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19.04.2008 12:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 09:12]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07.08.2006 10:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 09:12]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5.5.2008 8:22:13]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5.5.2008 8:19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 02.05.2008 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphccvjj0el9e]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odebit Multimedia V2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc9vjj0el9e]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-08 20:58:04 ------------

#6
Rorschach112

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\hytoswuv.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphccvjj0el9e
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc9vjj0el9e
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new DSS log

#7
satin1711

  • Topic Starter
  • Member
  • 11 posts
Hey

I have games that are cracked, so if you are very strict about those things, sorry. I have to say that they are just web games like Big Fish Games.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 09, 2008 1:36:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/07/2008
Kaspersky Anti-Virus database records: 930461
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 83534
Number of viruses found: 11
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 02:15:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sami\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped
C:\Documents and Settings\Sami\Application Data\Creative\Media Database\PCML_1.ldb Object is locked skipped
C:\Documents and Settings\Sami\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Temp\JET8E41.tmp Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Temp\~DF27D2.tmp Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Temp\~DF3168.tmp Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Sami\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sami\ntuser.dat Object is locked skipped
C:\Documents and Settings\Sami\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Jewelleria + Adnan_Boy 2008 + Precracked\Jewelleria.rar/Jewelleria.exe/is158270.exe Infected: Trojan.Win32.Monderc.gen skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Jewelleria + Adnan_Boy 2008 + Precracked\Jewelleria.rar/Jewelleria.exe Infected: Trojan.Win32.Monderc.gen skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Jewelleria + Adnan_Boy 2008 + Precracked\Jewelleria.rar RAR: infected - 2 skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Turtix Rescue Adventure + Precracked\Turtix Rescue Adventure v1.2.exe/is158317.exe Infected: Trojan.Win32.Monderc.gen skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Turtix Rescue Adventure + Precracked\Turtix Rescue Adventure v1.2.exe SetupFactory: infected - 1 skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe/wr-1-1381.exe Infected: Trojan-Downloader.Win32.Small.xnu skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe SetupFactory: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sami\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{80450997-E2DC-417A-B61A-BD274A353C5F}\RP43\A0011217.exe/emox.EXE/explorer.exe Infected: Trojan-Downloader.Win32.Tiny.bqp skipped
C:\System Volume Information\_restore{80450997-E2DC-417A-B61A-BD274A353C5F}\RP43\A0011217.exe/emox.EXE/svchost.exe Infected: Trojan-Downloader.Win32.Tiny.bqa skipped
C:\System Volume Information\_restore{80450997-E2DC-417A-B61A-BD274A353C5F}\RP43\A0011217.exe/emox.EXE Infected: Trojan-Downloader.Win32.Tiny.bqa skipped
C:\System Volume Information\_restore{80450997-E2DC-417A-B61A-BD274A353C5F}\RP43\A0011217.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{80450997-E2DC-417A-B61A-BD274A353C5F}\RP50\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\$RECYCLE.BIN\$RC8YOH4\jwfcplg.exe Infected: Net-Worm.Win32.Kolabc.er skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe/stream Infected: Trojan.Win32.DNSChanger.ph skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe NSIS: infected - 2 skipped
G:\$RECYCLE.BIN\$RD0QNMO\setupxv.exe/RegistrySmart/RegistrySmart.exe Infected: not-a-virus:FraudTool.Win32.RegistrySmart.a skipped
G:\$RECYCLE.BIN\$RD0QNMO\setupxv.exe 7-Zip: infected - 1 skipped
G:\$RECYCLE.BIN\$RD0QNMO\setupxv.exe UPX: infected - 1 skipped
G:\$RECYCLE.BIN\$RD0QNMO\setupxv.exe PE_Patch.UPX: infected - 1 skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110a.zip/tjmw110.rar/Crack/JewelMatch_WinterWonderland.exe Infected: Backdoor.Win32.Rbot.fyz skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110a.zip/tjmw110.rar Infected: Backdoor.Win32.Rbot.fyz skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110a.zip ZIP: infected - 2 skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110f.zip/tjmw110.r04/Crack/ReflexiveArcade/ReflexiveArcade.dll Infected: Backdoor.Win32.Rbot.pbz skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110f.zip/tjmw110.r04 Infected: Backdoor.Win32.Rbot.pbz skipped
G:\$RECYCLE.BIN\$RF0OBFS.10-TE\tjmw110f.zip ZIP: infected - 2 skipped
G:\$RECYCLE.BIN\$RL8BNBW.rar/Hexic Deluxe + Serial (Game)/hexicdeluxe_setup.exe Infected: Trojan-PSW.Win32.LdPinch.elh skipped
G:\$RECYCLE.BIN\$RL8BNBW.rar RAR: infected - 1 skipped
G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar/Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG/setup.exe/data0000.cab/is200023.exe Infected: Trojan.Win32.Monder.gen skipped
G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar/Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG/setup.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar/Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG/setup.exe Infected: Trojan.Win32.Monder.gen skipped
G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar RAR: infected - 3 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by Sami on 2008-07-09 13:42:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Sami.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:21, on 9.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Sami\Työpöytä\dss.exe
C:\DOCUME~1\Sami\TYPYT~1\Sami.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1205485810312
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.26 85.255.112.25
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8172 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 10:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-09 10:10:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-09 10:09:57 0 d-------- C:\WINDOWS\LastGood
2008-07-08 21:06:28 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-07 16:17:30 0 dr-h----- C:\Documents and Settings\Sami\Recent
2008-07-07 16:09:39 0 d-------- C:\WINDOWS\Prefetch
2008-07-07 15:51:28 0 d-------- C:\WINDOWS\l2schemas
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\fi
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\bits
2008-07-07 15:48:51 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-07 15:38:49 0 d-------- C:\WINDOWS\EHome
2008-07-07 13:58:23 0 d-------- C:\Program Files\PowerISO
2008-07-07 13:34:51 0 d-------- C:\Program Files\nLite
2008-07-07 10:53:27 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-07 10:33:07 0 d-------- C:\Program Files\Trend Micro
2008-07-07 10:18:46 0 d-------- C:\Documents and Settings\Sami\Application Data\Media Player Classic
2008-07-07 10:10:55 0 d-------- C:\Program Files\XP Codec Pack
2008-07-07 10:06:19 0 d-------- C:\Program Files\Yamicsoft
2008-07-07 09:25:23 0 d-------- C:\Documents and Settings\Sami\Application Data\ErrorSmart
2008-07-07 09:18:53 0 d-------- C:\Program Files\Registry Easy
2008-07-07 09:15:30 0 d-------- C:\Documents and Settings\Sami\Application Data\OfficeUpdate12
2008-07-07 08:56:31 3161 --a------ C:\register.bat
2008-07-04 10:45:49 0 d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-07-04 10:42:45 0 d-------- C:\Program Files\BVS Solitaire Collection
2008-07-04 10:42:02 0 d-------- C:\Program Files\Fairway Solitaire
2008-07-04 10:33:30 0 d-------- C:\Program Files\Fitness Frenzy
2008-07-04 10:29:14 0 d-------- C:\Program Files\Jewel Quest Solitaire II
2008-07-04 10:20:40 0 d-------- C:\Program Files\Slingo Quest Hawaii
2008-07-04 10:15:23 0 d-------- C:\Program Files\Ranch Rush
2008-07-04 09:37:37 0 d-------- C:\Program Files\Turtix 2 - Rescue Adventures
2008-06-28 01:52:56 0 d-------- C:\games
2008-06-27 22:20:17 0 d-------- C:\Program Files\Counter-Strike 1.6 V31
2008-06-27 21:52:48 0 d-------- C:\Documents and Settings\Sami\Application Data\Google
2008-06-27 21:41:54 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-27 21:19:48 0 d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-27 21:18:19 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Verkkoympäristö
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Recent(2)
2008-06-27 18:11:47 0 d-------- C:\Program Files\CCleaner
2008-06-27 16:30:47 0 d-------- C:\fsaua.data
2008-06-27 10:49:40 0 d-------- C:\Documents and Settings\Sami\Application Data\Thunderbird
2008-06-27 06:10:33 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-27 05:53:42 0 d-------- C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e
2008-06-27 05:41:40 1962 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-27 05:39:04 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e
2008-06-27 04:54:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Adobe
2008-06-27 04:43:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Malwarebytes
2008-06-27 04:42:16 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-27 04:42:16 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
2008-06-27 04:42:16 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
2008-06-27 04:42:16 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2008-06-27 04:42:16 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-27 04:42:15 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
2008-06-27 04:42:13 786432 --ah----- C:\Documents and Settings\Järjestelmänvalvoja\ntuser.dat
2008-06-27 03:57:29 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 03:28:32 0 d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
2008-06-27 03:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 03:28:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 03:26:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-27 02:47:04 0 d-------- C:\WINDOWS\Hidden Expedition Amazon
2008-06-24 00:59:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-24 00:27:24 0 d-------- C:\Program Files\Adobe Media Player
2008-06-24 00:11:17 0 d-------- C:\Program Files\Buku Dominoes
2008-06-23 18:38:24 0 d-------- C:\Program Files\Mah Jong Quest III - Balance of Life
2008-06-18 08:47:04 0 d-------- C:\WINDOWS\Build in Time
2008-06-18 08:38:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-17 19:06:39 0 d-------- C:\Documents and Settings\Sami\Application Data\GamesCafe
2008-06-17 17:48:00 0 d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-16 11:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-09 08:21:02 0 d-------- C:\Documents and Settings\Sami\Incomplete
2008-06-09 08:20:28 0 d-------- C:\Program Files\Conduit
2008-06-09 08:20:22 0 d-------- C:\Documents and Settings\Sami\Application Data\LimeWire Music
2008-06-09 08:04:17 0 d-------- C:\Program Files\inKline Global
2008-06-09 07:10:21 0 d-------- C:\Documents and Settings\Sami\Application Data\Help
2008-06-09 07:07:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-06-09 06:55:41 0 d-------- C:\Documents and Settings\Sami\Application Data\Uniblue


-- Find3M Report ---------------------------------------------------------------

2008-07-09 10:53:04 0 d-------- C:\Documents and Settings\Sami\Application Data\uTorrent
2008-07-08 21:07:05 0 d-------- C:\Program Files\Windows Live
2008-07-08 21:04:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-08 15:58:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Meridian93
2008-07-07 22:10:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-07 21:48:02 0 d-------- C:\Program Files\Common Files
2008-07-07 16:14:30 387984 --a------ C:\WINDOWS\system32\perfh00B.dat
2008-07-07 16:14:30 81560 --a------ C:\WINDOWS\system32\perfc00B.dat
2008-07-07 15:51:46 0 d-------- C:\Program Files\Messenger
2008-07-07 15:51:26 0 d-------- C:\Program Files\Movie Maker
2008-07-07 15:48:37 0 d-------- C:\Program Files\Windows NT
2008-07-07 11:26:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 10:13:21 0 d-------- C:\Program Files\Google
2008-06-27 21:25:47 0 d-------- C:\Documents and Settings\Sami\Application Data\Mozilla
2008-06-25 02:44:42 0 d-------- C:\Documents and Settings\Sami\Application Data\ITTNord
2008-06-24 01:24:53 0 d-------- C:\Program Files\RegCure
2008-06-24 01:00:36 0 d-------- C:\Documents and Settings\Sami\Application Data\Adobe
2008-06-09 06:54:43 0 d-------- C:\Program Files\TVUPlayer
2008-06-06 09:23:29 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-06 09:23:19 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-06 09:21:21 0 d-------- C:\Documents and Settings\Sami\Application Data\InstallShield
2008-06-03 10:36:07 0 d-------- C:\Documents and Settings\Sami\Application Data\Flood Light Games
2008-05-31 11:44:10 0 d-------- C:\Documents and Settings\Sami\Application Data\Sun
2008-05-29 23:16:51 0 d-------- C:\Program Files\BFG
2008-05-29 23:07:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Big Fish Games
2008-05-29 01:54:34 0 d-------- C:\Documents and Settings\Sami\Application Data\QSGames
2008-05-26 13:20:26 0 d-------- C:\Program Files\Microsoft
2008-05-24 19:13:50 0 d-------- C:\Documents and Settings\Sami\Application Data\Macromedia
2008-05-23 03:20:09 0 d-------- C:\Documents and Settings\Sami\Application Data\Gaijin Ent
2008-05-21 22:11:06 0 d-------- C:\Documents and Settings\Sami\Application Data\MysteryStudio
2008-05-20 16:59:06 0 d-------- C:\Documents and Settings\Sami\Application Data\Apple Computer
2008-05-12 11:54:51 0 d-------- C:\Documents and Settings\Sami\Application Data\Games
2008-05-12 09:25:35 0 d-------- C:\Documents and Settings\Sami\Application Data\Restorer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29.02.2008 03:12 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 02:19]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20.05.2006 13:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19.04.2008 12:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 09:12]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07.08.2006 10:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 09:12]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5.5.2008 8:22:13]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5.5.2008 8:19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 02.05.2008 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odebit Multimedia V2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-09 13:45:57 ------------

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes, we are strict with them, because that is how you got infected.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Jewelleria + Adnan_Boy 2008 + Precracked
    C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Turtix Rescue Adventure + Precracked
    C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe
    G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
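One way to reduce a scan report like the one posted earlier in this thread to the on-disk files that hold the detections, which is the level at which a move list works. This is an added example, not part of the original posts and not code from OTMoveIt2 or the scanner; the line patterns are inferred from the report lines in this thread, and `triage`, `outer_file` and `location` are hypothetical names.

```python
import re

# Lines excerpted from the online-scanner report posted earlier in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Sami\ntuser.dat Object is locked skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe/wr-1-1381.exe Infected: Trojan-Downloader.Win32.Small.xnu skipped
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe SetupFactory: infected - 1 skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe/stream/Script Infected: Trojan.Win32.DNSChanger.ph skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe/stream Infected: Trojan.Win32.DNSChanger.ph skipped
G:\$RECYCLE.BIN\$RD0QNMO\hardcodec4279.exe NSIS: infected - 2 skipped
G:\$RECYCLE.BIN\$RC8YOH4\jwfcplg.exe Infected: Net-Worm.Win32.Kolabc.er skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
"""

# Assumed line shapes, inferred from the report above.
LOCKED = re.compile(r"^.+ Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
WRAPPER = re.compile(r"^(?P<path>.+?) (?P<kind>[\w.-]+): infected - \d+ skipped$")


def outer_file(scan_path):
    """Return the on-disk file; archive and installer members follow the first '/'."""
    return scan_path.split("/", 1)[0]


def location(path):
    """Say where the file sits: Recycle Bin, a System Restore point, or elsewhere."""
    lowered = path.lower()
    if "\\$recycle.bin\\" in lowered:
        return "recycle_bin"
    if "\\system volume information\\_restore{" in lowered:
        return "system_restore"
    return "other"


def triage(report):
    """Group detection lines by the on-disk file that contains them."""
    records = {}
    locked, unparsed = 0, []

    def record(path):
        key = outer_file(path)
        return records.setdefault(key, {
            "file": key, "location": location(key),
            "verdicts": set(), "wrappers": [], "hits": 0,
        })

    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            locked += 1                      # file in use, never scanned
        elif (m := INFECTED.match(line)):
            rec = record(m["path"])
            rec["verdicts"].add(m["verdict"])
            rec["hits"] += 1                 # one hit per nested object reported
        elif (m := WRAPPER.match(line)):
            record(m["path"])["wrappers"].append(m["kind"])
        else:
            unparsed.append(line)            # keep anything unexpected for review

    files = [dict(r, verdicts=sorted(r["verdicts"])) for r in records.values()]
    files.sort(key=lambda r: r["file"].lower())
    return {"files": files, "locked": locked, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for entry in result["files"]:
        print(entry["location"], entry["file"], ", ".join(entry["verdicts"]))
    print("locked (not scanned):", result["locked"])
```

The `locked` count is worth reading alongside the detections, because those files were skipped rather than found clean.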

#9
satin1711

    Member

  • Topic Starter
  • 11 posts
Hey

Are all cracked games full of viruses? When I used Panda it did not register anything, but now I am using Avast and it seems to work. But if I am installing a game and it says there is a virus, I put it in the vault, or quarantine as it is called, but I can still install and play the game. Is the virus still free to infect my computer? What is the best antivirus program, but nothing big; Panda made my computer very slow to start. And I installed Windows Mail without problems.


Explorer killed successfully
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Jewelleria + Adnan_Boy 2008 + Precracked moved successfully.
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Bigfish Games - Turtix Rescue Adventure + Precracked moved successfully.
C:\Documents and Settings\Sami\Omat tiedostot\Downloads\Fitness Frenzy + Full Version\Fitness Frenzy.exe moved successfully.
File/Folder G:\down\Alawar Games Mystery.Cookbook.v1.0.Cracked-F4CG.rar not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Sami\LOCALS~1\Temp\JET8E41.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_608.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_160007

Files moved on Reboot...
File C:\DOCUME~1\Sami\LOCALS~1\Temp\JET8E41.tmp not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_608.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Anything that has crack, keygen, hack in it, will get you infected

I recommend Avira for an anti-virus

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "G:\down">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears
  • 0


#11
satin1711

    Member

  • Topic Starter
  • Member
  • 11 posts
Aseman G nimi on LACIE
Aseman sarjanumero on 7C38-F43B

Kansio G:\down

09.07.2008 16:20 <KANSIO> .
09.07.2008 16:20 <KANSIO> ..
03.07.2008 03:04 <KANSIO> 10 handy full programs
09.07.2008 16:18 <KANSIO> Alawar Games - Elias The Mighty + Adnan_Boy 2008
09.07.2008 16:19 <KANSIO> Alawar Games - Alex Gordon + Adnan_Boy 2008 + Bigfish + Precracked
08.07.2008 18:03 27 620 846 Ancient Quest of Saqqarah + Crack + CDKey.rar
09.07.2008 16:19 <KANSIO> Bigfish Games - 10 Days Under The Sea + Adnan_Boy 2008 + Precracked + New Hidden Object Game
28.06.2008 01:46 <KANSIO> Bigfish Games - Hells Kitchen + Adnan_Boy 2008 + Precracked + New Dash Game
09.07.2008 16:20 <KANSIO> Bigfish Games - Kiss Me + Adnan_Boy 2008 + Precracked
09.07.2008 16:19 <KANSIO> Bigfish Games - The Lost Treasures of Alexandria + Adnan_Boy 2008 + Precracked
18.06.2008 14:17 <KANSIO> Bigfish Games - The Three Stooges - Treasure Hunt Hijinks + Adnan_Boy 2008 + Precracked
09.07.2008 16:20 <KANSIO> Fenomen Games - Unicorn Castle + Adnan_Boy 2008 + New Hidden Object Game
09.07.2008 16:19 <KANSIO> Fitness Frenzy + Full Version
28.06.2008 01:57 <KANSIO> Hidden Expedition Amazon (hidden object)
27.06.2008 11:26 <KANSIO> Hoyle.Enchanted.Puzzles.v1.01-TE
09.07.2008 16:19 <KANSIO> Jenny's Fish Shop (New Dash Game) - HoneyB [SeCtIoN8]
09.07.2008 16:20 <KANSIO> Mahjong Quest III Balance of Live Pre-Cracked
28.06.2008 01:46 <KANSIO> MCF-Madame.Fate
28.06.2008 01:46 <KANSIO> Mystery Case - Madam Fate [cracked by indianboy]
09.07.2008 16:20 <KANSIO> Playfist Games - Wedding Dash 2 Rings Around the World + Adnan_Boy 2008
09.07.2008 16:20 <KANSIO> Ranch.Rush.v1.11-TE
28.06.2008 01:46 <KANSIO> REFLEXIVE Mystery Case Files Madame Fate FULL
27.06.2008 11:26 <KANSIO> Sprill The Mystery of the Bermuda Triangle [h33t] [oi812heet]
27.06.2008 06:50 66 082 352 TradewindsCaravans-Setup.exe
08.07.2008 18:38 36 351 691 Unicorn Castle + Precracked.rar
09.07.2008 16:19 <KANSIO> Zoo Break Out + Adnan_Boy 2008 + Precracked + New Hidden Object Game
3 tiedosto(a) 130 054 889 tavua
23 kansio(ta) 130 767 114 240 tavua vapaana
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    G:\down\Alawar Games - Alex Gordon + Adnan_Boy 2008 + Bigfish + Precracked
    G:\down\Ancient Quest of Saqqarah + Crack + CDKey.rar
    G:\down\Bigfish Games - 10 Days Under The Sea + Adnan_Boy 2008 + Precracked + New Hidden Object Game
    G:\down\Bigfish Games - Hells Kitchen + Adnan_Boy 2008 + Precracked + New Dash Game
    G:\down\Bigfish Games - Kiss Me + Adnan_Boy 2008 + Precracked
    G:\down\Bigfish Games - The Lost Treasures of Alexandria + Adnan_Boy 2008 + Precracked
    G:\down\Bigfish Games - The Three Stooges - Treasure Hunt Hijinks + Adnan_Boy 2008 + Precracked
    G:\down\Mystery Case - Madam Fate [cracked by indianboy]
    G:\down\Unicorn Castle + Precracked.rar
    G:\down\Zoo Break Out + Adnan_Boy 2008 + Precracked + New Hidden Object Game
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
satin1711

    Member

  • Topic Starter
  • Member
  • 11 posts
Explorer killed successfully
G:\down\Alawar Games - Alex Gordon + Adnan_Boy 2008 + Bigfish + Precracked\pics moved successfully.
G:\down\Alawar Games - Alex Gordon + Adnan_Boy 2008 + Bigfish + Precracked moved successfully.
G:\down\Ancient Quest of Saqqarah + Crack + CDKey.rar moved successfully.
G:\down\Bigfish Games - 10 Days Under The Sea + Adnan_Boy 2008 + Precracked + New Hidden Object Game moved successfully.
G:\down\Bigfish Games - Hells Kitchen + Adnan_Boy 2008 + Precracked + New Dash Game moved successfully.
G:\down\Bigfish Games - Kiss Me + Adnan_Boy 2008 + Precracked moved successfully.
G:\down\Bigfish Games - The Lost Treasures of Alexandria + Adnan_Boy 2008 + Precracked\pics moved successfully.
G:\down\Bigfish Games - The Lost Treasures of Alexandria + Adnan_Boy 2008 + Precracked moved successfully.
G:\down\Bigfish Games - The Three Stooges - Treasure Hunt Hijinks + Adnan_Boy 2008 + Precracked moved successfully.
< G:\down\Mystery Case - Madam Fate [cracked by indianboy] >
G:\down\Mystery Case - Madam Fate [cracked by indianboy] moved successfully.
G:\down\Unicorn Castle + Precracked.rar moved successfully.
G:\down\Zoo Break Out + Adnan_Boy 2008 + Precracked + New Hidden Object Game moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Sami\LOCALS~1\Temp\JET6C70.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_608.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_165948

Files moved on Reboot...
File C:\DOCUME~1\Sami\LOCALS~1\Temp\JET6C70.tmp not found!
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_608.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Malwarebytes' Anti-Malware 1.20
Tietokantaversio: 941
Windows 5.1.2600 Service Pack 3

16:35:57 12.7.2008
mbam-log-7-12-2008 (16-35-57).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 50737
Kulunut aika: 12 minute(s), 4 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 1
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 9
Saastuneita hakemistoja: 22
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{862a0a1b-a6d4-400d-8e2b-0b2ae6584920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.26,85.255.112.25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{862a0a1b-a6d4-400d-8e2b-0b2ae6584920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.26,85.255.112.25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{862a0a1b-a6d4-400d-8e2b-0b2ae6584920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.26,85.255.112.25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.26 85.255.112.25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{862a0a1b-a6d4-400d-8e2b-0b2ae6584920}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.26,85.255.112.25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{aa3a07b7-0280-48e9-b03f-6516186ea1a3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.26,85.255.112.25 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Saastuneita hakemistoja:
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sami\Application Data\rhc9vjj0el9e\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\rhc9vjj0el9e\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\phccvjj0el9e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new DSS log
  • 0

#15
satin1711

    Member

  • Topic Starter
  • Member
  • 11 posts
Deckard's System Scanner v20071014.68
Run by Sami on 2008-07-14 09:07:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 480 MiB (512 MiB recommended).


-- HijackThis (run as Sami.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:08:12, on 14.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sami\Työpöytä\ehto\dss.exe
C:\DOCUME~1\Sami\TYPYT~1\ehto\Sami.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1205485810312
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8086 bytes

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-12 16:46:56 0 d-------- C:\Program Files\Spa Mania
2008-07-12 16:41:16 0 d-------- C:\Program Files\Tropico Jong - Butterfly Expedition
2008-07-12 16:40:17 0 d-------- C:\Program Files\Puzzle Hero
2008-07-12 16:35:59 0 d-------- C:\Program Files\Elf Bowling - Hawaiian Vacation
2008-07-09 10:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-09 10:10:03 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-08 21:06:28 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-07 16:17:30 0 dr-h----- C:\Documents and Settings\Sami\Recent
2008-07-07 16:09:39 0 d-------- C:\WINDOWS\Prefetch
2008-07-07 15:51:28 0 d-------- C:\WINDOWS\l2schemas
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\fi
2008-07-07 15:51:27 0 d-------- C:\WINDOWS\system32\bits
2008-07-07 15:48:51 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-07 15:38:49 0 d-------- C:\WINDOWS\EHome
2008-07-07 13:58:23 0 d-------- C:\Program Files\PowerISO
2008-07-07 13:34:51 0 d-------- C:\Program Files\nLite
2008-07-07 10:53:27 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-07 10:33:07 0 d-------- C:\Program Files\Trend Micro
2008-07-07 10:18:46 0 d-------- C:\Documents and Settings\Sami\Application Data\Media Player Classic
2008-07-07 10:10:55 0 d-------- C:\Program Files\XP Codec Pack
2008-07-07 10:06:19 0 d-------- C:\Program Files\Yamicsoft
2008-07-07 09:25:23 0 d-------- C:\Documents and Settings\Sami\Application Data\ErrorSmart
2008-07-07 09:18:53 0 d-------- C:\Program Files\Registry Easy
2008-07-07 09:15:30 0 d-------- C:\Documents and Settings\Sami\Application Data\OfficeUpdate12
2008-07-07 08:56:31 3161 --a------ C:\register.bat
2008-07-04 10:45:49 0 d-------- C:\Program Files\Ancient Quest of Saqqarah
2008-07-04 10:42:45 0 d-------- C:\Program Files\BVS Solitaire Collection
2008-07-04 10:42:02 0 d-------- C:\Program Files\Fairway Solitaire
2008-07-04 10:33:30 0 d-------- C:\Program Files\Fitness Frenzy
2008-07-04 10:29:14 0 d-------- C:\Program Files\Jewel Quest Solitaire II
2008-07-04 10:20:40 0 d-------- C:\Program Files\Slingo Quest Hawaii
2008-07-04 10:15:23 0 d-------- C:\Program Files\Ranch Rush
2008-07-04 09:37:37 0 d-------- C:\Program Files\Turtix 2 - Rescue Adventures
2008-06-28 01:52:56 0 d-------- C:\games
2008-06-27 22:20:17 0 d-------- C:\Program Files\Counter-Strike 1.6 V31
2008-06-27 21:52:48 0 d-------- C:\Documents and Settings\Sami\Application Data\Google
2008-06-27 21:41:54 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-06-27 21:19:48 0 d-------- C:\Documents and Settings\LocalService\Käynnistä-valikko
2008-06-27 21:18:19 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Verkkoympäristö
2008-06-27 21:16:54 0 d--h----- C:\Documents and Settings\Sami\Recent(2)
2008-06-27 18:11:47 0 d-------- C:\Program Files\CCleaner
2008-06-27 16:30:47 0 d-------- C:\fsaua.data
2008-06-27 10:49:40 0 d-------- C:\Documents and Settings\Sami\Application Data\Thunderbird
2008-06-27 06:10:33 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-27 05:41:40 1962 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-27 04:54:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Adobe
2008-06-27 04:43:19 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Malwarebytes
2008-06-27 04:42:16 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-27 04:42:16 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja\Cookies
2008-06-27 04:42:16 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Application Data
2008-06-27 04:42:16 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
2008-06-27 04:42:16 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-27 04:42:15 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\SendTo
2008-06-27 04:42:15 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja\Recent
2008-06-27 04:42:15 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-27 04:42:15 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Local Settings
2008-06-27 04:42:13 786432 --ah----- C:\Documents and Settings\Järjestelmänvalvoja\ntuser.dat
2008-06-27 03:57:29 0 d-------- C:\Program Files\Enigma Software Group
2008-06-27 03:28:32 0 d-------- C:\Documents and Settings\Sami\Application Data\Malwarebytes
2008-06-27 03:28:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 03:28:22 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 03:26:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-27 02:47:04 0 d-------- C:\WINDOWS\Hidden Expedition Amazon
2008-06-24 00:59:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-24 00:27:24 0 d-------- C:\Program Files\Adobe Media Player
2008-06-24 00:11:17 0 d-------- C:\Program Files\Buku Dominoes
2008-06-23 18:38:24 0 d-------- C:\Program Files\Mah Jong Quest III - Balance of Life
2008-06-18 08:47:04 0 d-------- C:\WINDOWS\Build in Time
2008-06-18 08:38:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-17 19:06:39 0 d-------- C:\Documents and Settings\Sami\Application Data\GamesCafe
2008-06-17 17:48:00 0 d-------- C:\Program Files\The Game Of LIFE PTS
2008-06-16 11:29:13 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo


-- Find3M Report ---------------------------------------------------------------

2008-07-12 17:07:47 0 d-------- C:\Documents and Settings\Sami\Application Data\uTorrent
2008-07-09 15:58:42 0 d-------- C:\Program Files\Windows Live
2008-07-08 21:04:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-08 15:58:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Meridian93
2008-07-07 22:10:29 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-07 21:48:02 0 d-------- C:\Program Files\Common Files
2008-07-07 16:14:30 387984 --a------ C:\WINDOWS\system32\perfh00B.dat
2008-07-07 16:14:30 81560 --a------ C:\WINDOWS\system32\perfc00B.dat
2008-07-07 15:51:46 0 d-------- C:\Program Files\Messenger
2008-07-07 15:51:26 0 d-------- C:\Program Files\Movie Maker
2008-07-07 15:48:37 0 d-------- C:\Program Files\Windows NT
2008-07-07 11:26:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 10:13:21 0 d-------- C:\Program Files\Google
2008-06-27 21:25:47 0 d-------- C:\Documents and Settings\Sami\Application Data\Mozilla
2008-06-25 02:44:42 0 d-------- C:\Documents and Settings\Sami\Application Data\ITTNord
2008-06-24 10:18:29 0 d-------- C:\Program Files\Conduit
2008-06-24 01:24:53 0 d-------- C:\Program Files\RegCure
2008-06-24 01:00:36 0 d-------- C:\Documents and Settings\Sami\Application Data\Adobe
2008-06-09 08:28:11 0 d-------- C:\Documents and Settings\Sami\Application Data\LimeWire Music
2008-06-09 08:04:17 0 d-------- C:\Program Files\inKline Global
2008-06-09 07:10:21 0 d-------- C:\Documents and Settings\Sami\Application Data\Help
2008-06-09 06:55:41 0 d-------- C:\Documents and Settings\Sami\Application Data\Uniblue
2008-06-09 06:54:43 0 d-------- C:\Program Files\TVUPlayer
2008-06-06 09:23:29 0 d-------- C:\Program Files\Common Files\Logishrd
2008-06-06 09:23:19 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-06 09:21:21 0 d-------- C:\Documents and Settings\Sami\Application Data\InstallShield
2008-06-03 10:36:07 0 d-------- C:\Documents and Settings\Sami\Application Data\Flood Light Games
2008-05-31 11:44:10 0 d-------- C:\Documents and Settings\Sami\Application Data\Sun
2008-05-29 23:16:51 0 d-------- C:\Program Files\BFG
2008-05-29 23:07:00 0 d-------- C:\Documents and Settings\Sami\Application Data\Big Fish Games
2008-05-29 01:54:34 0 d-------- C:\Documents and Settings\Sami\Application Data\QSGames
2008-05-26 13:20:26 0 d-------- C:\Program Files\Microsoft
2008-05-24 19:13:50 0 d-------- C:\Documents and Settings\Sami\Application Data\Macromedia
2008-05-23 03:20:09 0 d-------- C:\Documents and Settings\Sami\Application Data\Gaijin Ent
2008-05-21 22:11:06 0 d-------- C:\Documents and Settings\Sami\Application Data\MysteryStudio
2008-05-20 16:59:06 0 d-------- C:\Documents and Settings\Sami\Application Data\Apple Computer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [29.02.2008 03:12 C:\WINDOWS\KHALMNPR.Exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 02:19]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20.05.2006 13:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19.04.2008 12:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28.03.2008 23:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 09:12]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07.08.2006 10:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14.04.2008 09:12]

C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5.5.2008 8:22:13]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5.5.2008 8:19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 02.05.2008 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Image Zone -pikakäynnistys.lnk]
backup=C:\WINDOWS\pss\HP Image Zone -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odebit Multimedia V2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-14 09:11:48 ------------