!Fake! Securitycenter

January 7, 2010 at 04:11:34
Specs: Windows Vista Ultimate, Think I have 2048 mb..
Could someone help me fix a security center virus that I have on my other computer. I have tried to use Ad-Aware and it found some malwares, but it didn't solve my problem. The virus makes a Internet Explorer administration thing pop up, and won'tlet me connect to the internet. It also won't let me start my Norton antivirus 360.. I tried to run in Safe mode with network, but it didnt help alot...so what should i do????

See More: !Fake! Securitycenter

Report •

#1
January 7, 2010 at 14:55:34
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.


Report •

#2
January 8, 2010 at 15:51:48
Thank you very much, hope it works... trying it out right now ill PM u if somethings wrong ;)

Report •

#3
January 8, 2010 at 16:58:59
exeHelper by Raktor
Build 20091220
Run at 01:37:05 on 01/09/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


Heres my exehelper log, but I still cant get the malwarebytes program to start.. it looks like its trying to work, but just stops, how do I get it to strat, somehting to do?? use the exehelper one more time or sumthin....??


Report •

Related Solutions

#4
January 8, 2010 at 17:33:30
Ive had this problem with the security center box popping up. It turned out to be a link for spy ware software. Once I figured out the trojan's file name (in my case it was "Trojan.Zlob.G") I used a file shredder to get rid of it. No spyware, anti-spam or virus software would get rid of it. The file shredder was the only way I got rid of it. I can't remember which program I used, it was on a different system, but I DL'd it from downloads.com.

Report •

#5
January 8, 2010 at 19:16:53
See if you can post the RSIT logs.

Report •

#6
January 9, 2010 at 06:25:25
Logfile of random's system information tool 1.06 (written by random/random)
Run by Christroyer at 2010-01-09 15:22:01
Microsoft® Windows Vista™ Ultimate Service Pack 2
System drive C: has 3 GB (2%) free of 194 GB
Total RAM: 2047 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Christroyer.job
C:\Windows\tasks\User_Feed_Synchronization-{15DBD6D0-A323-471C-88D5-A02C4DF072AA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-19 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E3A97D3-9F15-4067-D0F9-241CC9CC9541}]
BestShoppingTipsProgram - C:\Program Files\BestShoppingTipsProgram\BestShoppingTipsProgram.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Norton-verktøylinjen - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-19 609424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=C:\Windows\system32\startup.exe [2008-01-18 57344]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"Skytel"=C:\Windows\Skytel.exe [2007-06-18 1826816]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-08 4669440]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-04-30 13781536]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DT PHL"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2008-08-29 86016]
"D-Link D-Link Wireless N DWA-140"=C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe [2008-04-15 1675264]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-10 115816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-23 520024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-08-16 167368]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\Christroyer\Program Files\DNA\btdna.exe [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-07 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\Program Files\Hamachi\hamachi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~3\LimeWire\LimeWire.exe [2009-07-31 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk]
C:\PROGRA~3\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telenor Sikker Lagring.lnk]
C:\PROGRA~3\TELENO~1\SAFEST~1.EXE [2007-10-23 91648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\dvdcheck.exe
shell\directx\command - DirectX9\dxsetup.exe
shell\setup\command - I:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\dvdcheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b2af20-5d7e-11de-be47-001e8c6c33ce}]
shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924e1e87-63b8-11dd-abb9-001e8c6c33ce}]
shell\AutoRun\command - H:\FalloutLauncher.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-09 15:22:02 ----D---- C:\Program Files\trend micro
2010-01-09 15:22:01 ----D---- C:\rsit
2010-01-09 02:03:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-09 01:24:29 ----D---- C:\Program Files\MB
2010-01-09 01:21:58 ----D---- C:\ProgramData\Malwarebytes
2009-12-29 01:09:19 ----A---- C:\Windows\ntbtlog.txt
2009-12-25 04:17:48 ----A---- C:\Windows\system32\krl32mainweq.dll
2009-12-25 04:15:32 ----A---- C:\ProgramData\sysReserve.ini
2009-12-21 00:06:27 ----D---- C:\ProgramData\Electronic Arts

======List of files/folders modified in the last 1 months======

2010-01-09 15:22:02 ----RD---- C:\Program Files
2010-01-09 15:22:02 ----D---- C:\Windows\Prefetch
2010-01-09 15:21:23 ----D---- C:\Windows\Temp
2010-01-09 15:18:46 ----D---- C:\Windows\System32
2010-01-09 15:18:46 ----D---- C:\Windows\inf
2010-01-09 15:18:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-09 13:17:10 ----D---- C:\Windows\Tasks
2010-01-09 02:35:44 ----D---- C:\Users\Christroyer\AppData\Roaming\Skype
2010-01-09 02:23:37 ----D---- C:\Users\Christroyer\AppData\Roaming\DNA
2010-01-09 02:23:33 ----D---- C:\Windows\pss
2010-01-09 02:08:29 ----D---- C:\Users\Christroyer\AppData\Roaming\LimeWire
2010-01-09 02:03:52 ----D---- C:\Windows\system32\drivers
2010-01-09 01:21:58 ----D---- C:\ProgramData
2010-01-09 00:47:11 ----D---- C:\Users\Christroyer\AppData\Roaming\skypePM
2010-01-09 00:46:38 ----D---- C:\ProgramData\Google Updater
2010-01-06 18:00:01 ----D---- C:\Program Files\Norton Security Scan
2010-01-06 16:19:26 ----D---- C:\Program Files\Mozilla Firefox
2009-12-29 01:09:19 ----D---- C:\Windows
2009-12-28 01:21:16 ----D---- C:\Windows\system32\LogFiles
2009-12-25 02:04:16 ----SHD---- C:\System Volume Information
2009-12-25 01:43:16 ----SHD---- C:\Windows\Installer
2009-12-25 01:43:16 ----SHD---- C:\Config.Msi
2009-12-25 01:41:48 ----D---- C:\Program Files\Google
2009-12-25 00:47:56 ----D---- C:\Windows\system32\catroot2
2009-12-21 00:37:20 ----D---- C:\Program Files\Electronic Arts
2009-12-21 00:37:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-21 00:11:01 ----D---- C:\Program Files\Ubisoft
2009-12-20 23:52:34 ----D---- C:\Spill
2009-12-20 23:51:10 ----D---- C:\Users\Christroyer\AppData\Roaming\BitTorrent
2009-12-20 12:57:04 ----D---- C:\Program Files\Garena
2009-12-18 12:33:19 ----D---- C:\Program Files\DAEMON Tools
2009-12-13 20:57:48 ----D---- C:\ProgramData\CanonIJPLM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2009-07-12 3033712]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-28 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~4\Symantec\DEFINI~1\SymcData\idsdefs\20091217.001\IDSvix86.sys [2009-11-20 286768]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-01-10 191544]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-28 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-12 1792792]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-24 7680]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-30 9850016]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2008-07-21 17064]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-07 124464]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 awze713q;awze713q; C:\Windows\system32\drivers\awze713q.sys []
S3 cxbu0wdm;CardMan 3x21; C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2008-01-15 97792]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\CHRIST~1\AppData\Local\Temp\EUBC745.tmp []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-08-17 25280]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-08-17 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~4\Symantec\DEFINI~1\VIRUSD~1\20091224.002\NAVENG.SYS [2009-12-14 84912]
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~4\Symantec\DEFINI~1\VIRUSD~1\20091224.002\NAVEX15.SYS [2009-12-14 1323568]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\Dnetr28u.sys [2009-08-03 735232]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2009-03-27 138184]
S3 rt70x86;RT2500 USB Wireless LAN Driver; C:\Windows\system32\DRIVERS\netr70.sys [2009-08-08 245248]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2007-01-10 12984]
S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2007-01-10 145976]
S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2007-01-10 40120]
S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2007-01-10 38200]
S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-01-10 27576]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 USBCCID;USB Smart Card reader; C:\Windows\system32\DRIVERS\usbccid.sys [2008-01-19 30208]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [2008-08-29 69632]
R2 Folding@home-CPU-[1];Folding@home-CPU-[1]; C:\Folding@HomeCPU\1\Fah.exe [2009-12-09 422400]
R2 Folding@home-CPU-[2];Folding@home-CPU-[2]; C:\Folding@HomeCPU\2\Fah.exe [2009-12-09 422400]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-23 1028432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-04-30 211488]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-07-21 98304]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2009-07-12 316816]
S2 ccEvtMgr;ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 ccSetMgr;ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 gupdate1c990f1174ce00;Googles oppdateringstjeneste (gupdate1c990f1174ce00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-10 108648]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-13 49248]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-17 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~3\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-03-27 183112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-08-03 1174664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]

-----------------EOF-----------------


Report •

#7
January 9, 2010 at 06:27:00
info.txt logfile of random's system information tool 1.06 2010-01-09 15:22:06

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AltoMP3 Gold 5.20-->C:\Program Files\AltoMP3 Gold\uninst.exe
ANIWZCS2 Service-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Brukerregistrering for Canon MP610 series-->C:\Program Files\Canon\IJEREG\MP610 series\UNINST.EXE
Call of Juarez - Bound in Blood-->C:\Program Files\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x0409
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x0014
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Deer Hunter - The 2005 Season-->"C:\Spill\Deer Hunter 2005\unins000.exe"
Deluxe Ski Jump 3 v1.7.0-->"C:\Program Files\Deluxe Ski Jump 3\Uninstall\unins000.exe"
DiRT-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
D-Link Wireless N DWA-140-->C:\Program Files\InstallShield Installation Information\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}\setup.exe -runfromtemp -l0x0014 -removeonly
EA Network Play System-->C:\Windows\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Emote-Launcher (remove only)-->"C:\Program Files\Emote\Launcher\Emote-Launcher-uninst.exe"
Fallout 3-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
FFBestShoppingTipsProgram-->C:\Program Files\Mozilla Firefox\extensions\BestShoppingTipsProgram@BestShoppingTipsProgram\uninstall.exe uninstall=bestshoppingtipsprogramff
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Football Manager 2009-->"C:\Spill\Football Manager 2009\Uninstall_Football Manager 2009\Avinstaller Football Manager 2009.exe"
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Avinstaller Football Manager 2010.exe"
GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe
Garena-->C:\Program Files\Garena\uninst.exe
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Left 4 Dead 2 Standalone Patch-->C:\Users\Christroyer\Desktop\Left 4 Dead 2\uninstall.exe
LG USB Modem driver-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x14 LG -removeonly
LG_MobileSync-->C:\Program Files\InstallShield Installation Information\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}\setup.exe -runfromtemp -l0x0009 -removeonly
LimeWire PRO 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War : Kingdoms : Americas-->C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia-->C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades-->C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic-->C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0414-0000-0000000FF1CE} /uninstall {1F005547-336E-439D-846F-CE37BD507012}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0414-0000-0000000FF1CE} /uninstall {A651C900-ADDD-4CE1-8C66-25473194F530}
Microsoft Office Access MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0015-0414-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel 2007 Help Oppdatering (KB963678)-->msiexec /package {90120000-0016-0414-0000-0000000FF1CE} /uninstall {786F200B-1F70-4B66-BBB3-29CFF7C425D7}
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0016-0414-0000-0000000FF1CE}
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00BA-0414-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0044-0414-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-00A1-0414-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001A-0414-0000-0000000FF1CE}
Microsoft Office Powerpoint 2007 Help Oppdatering (KB963669)-->msiexec /package {90120000-0018-0414-0000-0000000FF1CE} /uninstall {5511F835-0C39-4158-A689-34997E3F28AD}
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0018-0414-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007-->MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proofing (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-002C-0414-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0414-0000-0000000FF1CE} /uninstall {D3413506-02DD-4918-AB8B-A9939A14C2E8}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0814-0000-0000000FF1CE} /uninstall {1B70EF07-15AB-483B-B7DE-C60584A3F518}
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-0019-0414-0000-0000000FF1CE}
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-006E-0414-0000-0000000FF1CE}
Microsoft Office Word 2007 Help Oppdatering (KB963665)-->msiexec /package {90120000-001B-0414-0000-0000000FF1CE} /uninstall {ED32C952-462A-4787-8AC1-CE455D7A816F}
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007-->MsiExec.exe /X{90120000-001B-0414-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Morrowind-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Spill\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Need For Speed Road Challenge-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Electronic Arts\Need For Speed Road Challenge\Uninst.isu" -c"C:\Program Files\Electronic Arts\Need For Speed Road Challenge\uninst.dll" E
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_nor.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360 Online (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Opplastingsverktøy for Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pivot Software-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Cycling Manager - Season 2009 1.0.3.3-->"C:\Program Files\Cyanide\Pro Cycling Manager - Season 2009\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -l0x0014 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\setup.exe" -l0x14
ScanSoft OmniPage SE 4-->MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SDK-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Sean O'Connor's Windows Games-->"C:\Program Files\Sean O'Connor's Windows Games\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartControl II-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDA7A7CB-F1DE-42A9-83A6-27BE6CD6E8F3}\setup.exe" -l0x9 -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SPORE™ På eventyr i galaksen-->"C:\Program Files\InstallShield Installation Information\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}\setup.exe" -runfromtemp -l0x0014 -removeonly
SPORE™ Skummelt og søtt ekstrautstyr-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0014 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0014 -removeonly
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Telenor Sikker Lagring (2.1.209)-->"C:\Program Files\Telenor Sikker Lagring\unins000.exe"
TES Construction Set-->RunDll32 C:\PROGRA~3\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Spill\Morrowind\CSUninstall\Setup.exe" -l0x9
The Sims™ 3 Reisefeber-->"C:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe" -runfromtemp -l0x0014 -removeonly
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0014 -removeonly
TmUnitedForever-->"C:\Spill\Trackmania United Forever\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~3\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~3\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~3\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}
Windows Live Fotogalleri-->MsiExec.exe /X{66F0F316-B9B7-4DC5-A935-1C54BA516D45}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{D9E3F4DD-2B33-4E5E-BCD3-7F08F6296E18}
Windows Live Messenger-->MsiExec.exe /X{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}
Windows Live Movie Maker-->MsiExec.exe /X{046204EB-610B-470B-AE40-2B5D9AE5755E}
Windows Live Sync-->MsiExec.exe /X{9A44DC95-026F-4A07-98A0-EBDB9ED2DE19}
Windows Live Writer-->MsiExec.exe /X{52243BD3-3142-4331-B0AB-F1A82EEECE1C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-lydoppsett-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR Arkiverer-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: Norton 360 Online
FW: Norton 360 Online
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: Norton 360 Online

======System event log======

Computer Name: Christians-PC
Event Code: 4201
Message: Fant at nettverkskortet Loopback Pseudo-Interface 1 var koblet til nettverket, og har startet normal operasjon.
Record Number: 142827
Source Name: Tcpip
Time Written: 20090725190715.727627-000
Event Type: Informasjon
User:

Computer Name: Christians-PC
Event Code: 4201
Message: Fant at nettverkskortet Loopback Pseudo-Interface 1 var koblet til nettverket, og har startet normal operasjon.
Record Number: 142826
Source Name: Tcpip
Time Written: 20090725190715.727627-000
Event Type: Informasjon
User:

Computer Name: Christians-PC
Event Code: 6
Message: Filesystemfilter Lbd (6.0, 2009-04-17T13:51:35.000Z) er lastet og registrert hos filterbehandling.
Record Number: 142825
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090725190715.665226-000
Event Type: Informasjon
User: NT AUTHORITY\SYSTEM

Computer Name: Christians-PC
Event Code: 6
Message: Filesystemfilter FileInfo (6.0, 2008-01-19T07:34:27.000Z) er lastet og registrert hos filterbehandling.
Record Number: 142824
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090725190715.665226-000
Event Type: Informasjon
User: NT AUTHORITY\SYSTEM

Computer Name: Christians-PC
Event Code: 6006
Message: Tjenesten Event Log ble stoppet.
Record Number: 142823
Source Name: EventLog
Time Written: 20090724224347.000000-000
Event Type: Informasjon
User:

=====Application event log=====

Computer Name: 26L2233A1-06
Event Code: 1003
Message: Windows Search-tjenesten har startet.

Record Number: 5
Source Name: Microsoft-Windows-Search
Time Written: 20080803183144.000000-000
Event Type: Informasjon
User:

Computer Name: 26L2233A1-06
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20080803183143.000000-000
Event Type: Informasjon
User:

Computer Name: LH-LZ7KYF9TVH72
Event Code: 4625
Message: EventSystem-delsystemet demper dupliserte handlingsloggoppføringer i 86400 sekunder. Dempingstidsavbruddet kan kontrolleres ved en REG_DWORD-verdi med navnet SuppressDuplicateDuration under følgende registernøkkel: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 3
Source Name: Microsoft-Windows-EventSystem
Time Written: 20080803183139.000000-000
Event Type: Informasjon
User:

Computer Name: LH-LZ7KYF9TVH72
Event Code: 900
Message: Software Licensing-tjenesten starter.

Record Number: 2
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080803183139.000000-000
Event Type: Informasjon
User:

Computer Name: LH-LZ7KYF9TVH72
Event Code: 1531
Message: Tjenesten User Profile er startet.


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080803183138.000000-000
Event Type: Informasjon
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Christians-PC
Event Code: 5032
Message: Tjenesten Windows Firewall kan ikke varsle brukeren om at et program ble blokkert slik at det ikke kan motta innkommende tilkoblinger på nettverket.

Feilkode: 2
Record Number: 11888
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080917123300.661120-000
Event Type: Overvåking mislykket
User:

Computer Name: Christians-PC
Event Code: 4672
Message: Spesielle tillatelser tildelt ny pålogging:

Emne:
Sikkerhets-ID: S-1-5-21-4132980438-4288142498-251472933-1000
Kontonavn: Christroyer
Kontodomene: Christians-PC
Påloggings-ID: 0x37dae

Tilgangsrettigheter: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 11887
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080917123259.023120-000
Event Type: Overvåking vellykket
User:

Computer Name: Christians-PC
Event Code: 4624
Message: Det ble logget på en konto.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: CHRISTIANS-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7

Påloggingstype: 2

Ny pålogging:
Sikkerhets-ID: S-1-5-21-4132980438-4288142498-251472933-1000
Kontonavn: Christroyer
Kontodomene: Christians-PC
Påloggings-ID: 0x37e09
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Prosessinformasjon:
Prosess-ID: 0x318
Prosessnavn: C:\Windows\System32\winlogon.exe

Nettverksinformasjon:
Navn på arbeidsstasjon: CHRISTIANS-PC
Adresse til kildenettverk: 127.0.0.1
Kildeport: 0

Detaljert godkjenningsinformasjon:
Påloggingsprosess: User32
Godkjenningspakke: Negotiate
Overførte tjenester: -
Pakkenavn (bare NTLM): -
Nøkkellengde: 0

Denne hendelsen genereres når en påloggingsøkt opprettes. Den genereres på datamaskinen der tilgang ble gitt.

Emnefeltene angir kontoen på det lokale systemet som bad om påloggingen. Dette er vanligvis en tjeneste som Server-tjenesten, eller en lokal prosess som Winlogon.exe eller Services.exe.

Påloggingstypefeltet angir hvilken påloggingstype som ble brukt. De vanligste typene er 2 (interaktiv) og 3 (nettverk).

Feltene for ny pålogging angir hvilken konto den nye påloggingen ble opprettet fra, det vil si kontoen som ble logget på.

Nettverksfeltene angir hvor den eksterne påloggingsforespørselen kom fra. Navnet på arbeidsstasjonen er ikke alltid tilgjengelig, og feltet kan enkelte ganger være tomt.

Feltene med godkjenningsinformasjon gir detaljert informasjon om denne bestemte påloggingsforespørselen.
- Påloggings-GUIDen er en entydig identifikator som kan brukes til å koordinere denne hendelsen med en KDC-hendelse.
- Overførte tjenester angir hvilke mellomliggende tjenester som har deltatt i denne påloggingsforespørselen.
- Pakkenavnet angir hvilken underprotokoll som ble brukt blant NTLM-protokollene.
- Nøkkellengden angir lengden til den genererte øktnøkkelen. Den er 0 hvis det ikke ble bedt om en øktnøkkel.
Record Number: 11886
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080917123259.023120-000
Event Type: Overvåking vellykket
User:

Computer Name: Christians-PC
Event Code: 4624
Message: Det ble logget på en konto.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: CHRISTIANS-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7

Påloggingstype: 2

Ny pålogging:
Sikkerhets-ID: S-1-5-21-4132980438-4288142498-251472933-1000
Kontonavn: Christroyer
Kontodomene: Christians-PC
Påloggings-ID: 0x37dae
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Prosessinformasjon:
Prosess-ID: 0x318
Prosessnavn: C:\Windows\System32\winlogon.exe

Nettverksinformasjon:
Navn på arbeidsstasjon: CHRISTIANS-PC
Adresse til kildenettverk: 127.0.0.1
Kildeport: 0

Detaljert godkjenningsinformasjon:
Påloggingsprosess: User32
Godkjenningspakke: Negotiate
Overførte tjenester: -
Pakkenavn (bare NTLM): -
Nøkkellengde: 0

Denne hendelsen genereres når en påloggingsøkt opprettes. Den genereres på datamaskinen der tilgang ble gitt.

Emnefeltene angir kontoen på det lokale systemet som bad om påloggingen. Dette er vanligvis en tjeneste som Server-tjenesten, eller en lokal prosess som Winlogon.exe eller Services.exe.

Påloggingstypefeltet angir hvilken påloggingstype som ble brukt. De vanligste typene er 2 (interaktiv) og 3 (nettverk).

Feltene for ny pålogging angir hvilken konto den nye påloggingen ble opprettet fra, det vil si kontoen som ble logget på.

Nettverksfeltene angir hvor den eksterne påloggingsforespørselen kom fra. Navnet på arbeidsstasjonen er ikke alltid tilgjengelig, og feltet kan enkelte ganger være tomt.

Feltene med godkjenningsinformasjon gir detaljert informasjon om denne bestemte påloggingsforespørselen.
- Påloggings-GUIDen er en entydig identifikator som kan brukes til å koordinere denne hendelsen med en KDC-hendelse.
- Overførte tjenester angir hvilke mellomliggende tjenester som har deltatt i denne påloggingsforespørselen.
- Pakkenavnet angir hvilken underprotokoll som ble brukt blant NTLM-protokollene.
- Nøkkellengden angir lengden til den genererte øktnøkkelen. Den er 0 hvis det ikke ble bedt om en øktnøkkel.
Record Number: 11885
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080917123259.023120-000
Event Type: Overvåking vellykket
User:

Computer Name: Christians-PC
Event Code: 4648
Message: Det ble forsøkt en pålogging med uttrykt legitimasjon.

Emne:
Sikkerhets-ID: S-1-5-18
Kontonavn: CHRISTIANS-PC$
Kontodomene: WORKGROUP
Påloggings-ID: 0x3e7
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Konto hvis legitimasjon ble brukt:
Kontonavn: Christroyer
Kontodomene: Christians-PC
Påloggings-GUID: {00000000-0000-0000-0000-000000000000}

Målserver:
Målservernavn: localhost
Tilleggsinformasjon: localhost

Prosessinformasjon:
Prosess-ID: 0x318
Prosessnavn: C:\Windows\System32\winlogon.exe

Nettverksinformasjon:
Nettverksadresse: 127.0.0.1
Port: 0

Denne hendelsen genereres når en prosess prøver å logge på en konto ved eksplisitt å angi legitimasjonen for den kontoen. Dette er vanligst i satsvise konfigurasjoner som planlagte oppgaver, eller ved bruk av RUNAS-kommandoen.
Record Number: 11884
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080917123259.023120-000
Event Type: Overvåking vellykket
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Report •

#8
January 9, 2010 at 17:23:45
Download Combofix with internet explorer please instead of FireFox.

Remember..your Nortons antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#9
January 9, 2010 at 19:47:04
IF jabuck way doesn't work try this

1 first reboot into safe mode with networking (its f8 when the
computers booting up)
2 restore all defaults in the windows firewall and internet
options( and under connections see its going though a proxy
server if it is uncheck it) from control panel.
3 open ccleaner and remove it from start-up
4 go to this website and download
this http://www.filehippo.com/download_m...
alware/
5 update it to the max
6 Run it at full scan and it should remove it
7 download and install spybot search & destory and run it
after you've updated it
8 run a anti virus scan using Norton
9 and its removed
if it comes back after this your surfing the wrong type of
websites


Report •

#10
January 10, 2010 at 04:30:36
turned off ad watch, cnt start Norton and w. defender gave me a blue screen

Report •

#11
January 10, 2010 at 04:40:06
should I just start it ??

Report •

#12
January 10, 2010 at 08:04:27
Yea, go ahead and run Combofix.

Report •

#13
January 10, 2010 at 10:05:30
ComboFix 10-01-04.01 - Christroyer 10.01.2010 18:34:57.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.47.1033.18.2047.965 [GMT 1:00]
Kjører fra: c:\users\Christroyer\Desktop\Combo-Fix.exe
AV: Norton 360 Online *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 Online *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton 360 Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
C:\install.exe
c:\recycler\S-1-5-21-1948413732-3302530671-554457670-1005
C:\Thumbs.db
c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z
c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif
c:\users\Christroyer\Desktop\Mine dokumenter\calendar\_install.exe
c:\windows\system32\drivers\H8SRTvmuxqxtuvt.sys
c:\windows\system32\H8SRTbjaiyxopgd.dll
c:\windows\system32\H8SRTdmopqxnfic.dll
c:\windows\system32\H8SRTpthlostxpt.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
c:\windows\system32\Startup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-10 til 2010-01-10 )))))))))))))))))))))))))))))))))
.

2010-01-10 17:45 . 2010-01-10 17:56 -------- d-----w- c:\users\Christroyer\AppData\Local\temp
2010-01-10 17:45 . 2010-01-10 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-09 14:22 . 2010-01-09 14:22 -------- d-----w- c:\program files\trend micro
2010-01-09 14:22 . 2010-01-09 14:22 -------- d-----w- C:\rsit
2010-01-09 01:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-09 01:03 . 2010-01-09 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 01:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 00:24 . 2010-01-09 00:24 -------- d-----w- c:\program files\MB
2010-01-09 00:21 . 2010-01-09 00:21 -------- d-----w- c:\programdata\Malwarebytes
2010-01-06 14:51 . 2010-01-06 14:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-20 23:06 . 2009-12-20 23:47 -------- d-----w- c:\programdata\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 17:55 . 2009-06-01 13:51 32441 ----a-w- c:\programdata\nvModes.dat
2010-01-10 17:00 . 2008-10-31 20:45 -------- d-----w- c:\program files\Norton Security Scan
2010-01-10 16:49 . 2008-08-19 13:13 80330 ----a-w- c:\windows\system32\perfc014.dat
2010-01-10 16:49 . 2008-08-19 13:13 460000 ----a-w- c:\windows\system32\perfh014.dat
2010-01-10 15:51 . 2008-08-05 22:37 -------- d-----w- c:\users\Christroyer\AppData\Roaming\BitTorrent
2010-01-10 12:41 . 2009-10-09 18:32 -------- d-----w- c:\users\Christroyer\AppData\Roaming\Skype
2010-01-10 12:22 . 2009-10-09 18:38 -------- d-----w- c:\users\Christroyer\AppData\Roaming\skypePM
2010-01-10 00:47 . 2009-02-17 11:13 -------- d-----w- c:\programdata\Google Updater
2010-01-09 01:23 . 2008-08-05 22:36 -------- d-----w- c:\users\Christroyer\AppData\Roaming\DNA
2010-01-09 01:08 . 2008-11-28 23:31 -------- d-----w- c:\users\Christroyer\AppData\Roaming\LimeWire
2010-01-06 15:24 . 2008-08-03 18:42 1356 ----a-w- c:\users\Christroyer\AppData\Local\d3d9caps.dat
2009-12-25 00:41 . 2009-02-17 11:13 -------- d-----w- c:\program files\Google
2009-12-20 23:37 . 2008-08-07 14:34 -------- d-----w- c:\program files\Electronic Arts
2009-12-20 23:37 . 2008-08-03 19:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-20 23:11 . 2009-08-04 11:05 -------- d-----w- c:\program files\Ubisoft
2009-12-20 11:57 . 2009-12-09 22:59 -------- d-----w- c:\program files\Garena
2009-12-19 16:22 . 2009-12-19 16:22 614136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 11:33 . 2009-07-08 12:17 -------- d-----w- c:\program files\DAEMON Tools
2009-12-13 19:57 . 2008-10-18 18:27 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-09 21:29 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 14:14 . 2009-01-15 20:45 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-27 22:43 . 2008-09-05 16:26 -------- d-----w- c:\users\Christroyer\AppData\Roaming\SPORE
2009-11-26 21:44 . 2009-11-26 21:44 -------- d-----w- c:\program files\YouTube Downloader
2009-11-25 17:33 . 2009-09-23 16:33 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-22 12:01 . 2009-11-22 12:01 -------- d-----w- c:\program files\AltoMP3 Gold
2009-11-21 06:40 . 2009-12-09 13:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 13:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 13:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 13:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 16:39 . 2009-11-17 16:39 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 16:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 16:38 . 2009-11-17 16:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 16:38 . 2009-11-17 16:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 12:31 . 2009-12-09 14:08 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 14:08 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 14:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-02 19:42 . 2009-10-06 14:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-26 18:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-26 17:33 . 2009-07-13 16:59 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-20 12:33 . 2009-10-26 21:29 545280 ----a-w- c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-10-20 12:33 . 2009-10-26 21:29 4716544 ----a-w- c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-10-20 12:33 . 2009-10-26 21:29 344064 ----a-w- c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-10-20 12:33 . 2009-10-26 21:29 153600 ----a-w- c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-10-20 12:33 . 2009-10-26 21:29 103424 ----a-w- c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Skytel"="Skytel.exe" [2007-06-18 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-08 4669440]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DT PHL"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-08-29 86016]
"D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-23 520024]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper og Launcher.lnk]
path=c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper og Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Christroyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telenor Sikker Lagring.lnk]
path=c:\users\Christroyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telenor Sikker Lagring.lnk
backup=c:\windows\pss\Telenor Sikker Lagring.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 11:39 342848 ----a-w- c:\users\Christroyer\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-07 18:37 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):80,3a,ea,5a,15,62,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [13.07.2009 18:00 64160]
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [12.07.2009 02:30 3033712]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~4\Symantec\DEFINI~1\SymcData\idsdefs\20091217.001\IDSvix86.sys [18.12.2009 22:07 286768]
S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [15.01.2008 11:39 97792]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\System32\drivers\Dnetr28u.sys [03.08.2009 17:56 735232]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-12-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:33]

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-17 14:55]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 11:15]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 11:15]

2010-01-10 c:\windows\Tasks\Norton Security Scan for Christroyer.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{15DBD6D0-A323-471C-88D5-A02C4DF072AA}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Tilleggsskanning -------
.
IE: E&xport to Microsoft Excel - c:\progra~3\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchslate.com/wp.ashx?ref=home&id=118
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - component: c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Christroyer\AppData\Roaming\Mozilla\Firefox\Profiles\bflwd6sm.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Christroyer\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\Christroyer\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-WinSys2 - c:\windows\system32\startup.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Deer Hunter 2005_is1 - c:\spill\Deer Hunter 2005\unins000.exe
AddRemove-Football Manager 2009 - c:\spill\Football Manager 2009\Uninstall_Football Manager 2009\Avinstaller Football Manager 2009.exe
AddRemove-sc09-NRK_MAIN - c:\spill\Ski Challenge 09\uninstall.exe

**************************************************************************
skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\CHRIST~1\AppData\Local\Temp\EUBC745.tmp"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4132980438-4288142498-251472933-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:99,76,2a,20,4f,15,a9,a6,2f,a3,39,13,7a,c5,5c,9d,91,59,59,70,7f,12,3d,
66,52,50,bf,6a,c0,e0,07,fd,33,f9,df,0d,fe,2f,ac,2b,72,26,07,a2,6e,cb,c4,d4,\
"??"=hex:3f,0c,08,17,53,1a,3f,8d,e1,dd,e9,f7,ad,a0,75,19

[HKEY_USERS\S-1-5-21-4132980438-4288142498-251472933-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:12,0e,0c,34,4e,22,6f,2c,5d,d7,1c,53,57,7e,cd,1e,ce,1d,d0,fc,82,
71,a1,90,af,63,af,90,b2,53,ea,b3,70,5c,33,56,03,93,14,6f,d3,eb,58,65,7f,80,\
"rkeysecu"=hex:5f,6c,ad,df,d6,00,41,6f,85,11,f3,f0,7b,03,df,22

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(1268)
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_nor.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\folding@homecpu\1\Fah.exe
c:\folding@homecpu\2\Fah.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-01-10 19:03:16 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-01-10 18:03

Pre-Run: 2 341 400 576 byte ledig
Post-Run: 1 758 261 248 byte ledig

- - End Of File - - DB8055806BFD4F5617C7B14056A9160C


Report •

#14
January 10, 2010 at 10:10:29
Am I done now?? i couldnt open any programs, tried to open word to write this,, but wont try anything until u tell me to.... thx a lot for the help, if it works I wont have to take my computer to some PC "doctors" ;)

Report •

#15
January 10, 2010 at 14:09:20
Let me know how the computer is operating.

A little clean-up to do.

Delete RSIT and exeHelper from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Please download TFC by Old Timer from the following link and save it to your desktop.

TFC by Old Timer



1. Save any unsaved work. TFC will close ALL open programs including your browser

2. Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.

3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

4. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.


Report •

#16
January 10, 2010 at 14:23:43
Using the following guide at the provided link you need to empty the restore folder and create a new restore point. The information is at the bottom of the page.

Do not do a system restore you just want to empty the the infected one on your computer.


ComboFix



Report •

#17
January 10, 2010 at 15:57:29
Going to fix problems as usual w Norton 360 (disc opt. logs ....) and then install spywarebl. but can I just use it normaly now??? thank u a lot m8, really appreciate it ill be more careful from now on... and nw Ive gt the restore point 2 use in the future if anything happends :) ill PM u if sumthins wrong thx 4 ur help ;)

Report •

#18
January 10, 2010 at 16:06:30
internet is workin!! and everything works fast n smoothly ;] shud I delete Malwarebytes ??

Report •

#19
January 10, 2010 at 16:27:44
You should keep Malwarebytes, just update it before you use it. Glad we could help.

Report •

Ask Question