Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Did I get rid of malware?


  • This topic is locked This topic is locked
15 replies to this topic

#1 emmah

emmah

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 07 October 2008 - 03:32 AM

Norton alarmed that my computer was attacked as I tried to enter a very normal website. According to Norton the threat was blocked.
That is exactly when my computer started acting weird. On Google website there was this link to a totally weird website that didnt belong there.

Suddenly Spybot started to report lots and lots of request for registry changes. I mean many, many. It wouldnt stop. I searched
with Norton and with Spybot several times, got rid of some and malware and found a few again. Eventually I had to close down the computer.

For a while it seemed like I managed to get rid of whatever it was, but now I realise that something is wrong anyway.
Norton couldn't run update virus definitions, I couldn't log on to some websites from my PC (but from other PC), extremely slow PC etc. I also noticed
that remote access to my computer was active. I changed the settings immediately of course.

Since then I have searched, read and done everything I could. Among other things I installed and run MalwareBytes that found Backdoor.bot.
I read a bit about backdoor.bot and now I am really worried.

I have done everything according to the Preparation Guide. My Hijackthislog is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:35, on 2008-10-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Arcade\PCMService.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\BitDefender\BitDefender 2009\bdagent.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\acer\eRecovery\Monitor.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BDAgent] "C:\Program\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program\Delade filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 10452 bytes

Looking forward to Yor feedback!
Regs /emma

BC AdBot (Login to Remove)

 


#2 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 10 October 2008 - 07:36 PM

hi Emmah.

My name is Mas_pogi(mark,mp) and I will be helping you with your Malware problem.
Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.


Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

I have some question though,

1. Is you Norton/Symantec still have a license? I can see you already running bitdefender.

Please follow the instruction below;
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
With Regards,
mas_pogi

#3 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 October 2008 - 06:29 AM

Hello mas_pogi

Thanks for reply.

Yes, Norton has a lisence. Since I couldnt update Norton I uninstalled and tried Bitdefender.

Logfiles are below.
Logfile of random's system information tool 1.04 (written by random/random)
Run by emma at 2008-10-11 13:13:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (42%) free of 46 GB
Total RAM: 1022 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:23, on 2008-10-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Arcade\PCMService.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program\BitDefender\BitDefender 2009\bdagent.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\acer\eRecovery\Monitor.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\emma\Skrivbord\Jagar virus\RSIT.exe
C:\program files\HijackThis\emma.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BDAgent] "C:\Program\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program\Delade filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11011 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-07 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-07 126976]
"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"PCMService"=C:\Program\Arcade\PCMService.exe [2005-03-09 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-08 339968]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-03-28 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-24 2880512]
"LManager"=C:\Program\Launch Manager\QtZgAcer.EXE [2005-03-28 319488]
"eRecoveryService"=C:\Windows\System32\Check.exe [2005-03-23 245760]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"Share-to-Web Namespace Daemon"=C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program\iTunes\iTunesHelper.exe [2008-07-10 289064]
"Symantec PIF AlertEng"=C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048]
"BDAgent"=C:\Program\BitDefender\BitDefender 2009\bdagent.exe [2008-10-06 716800]
"BitDefender Antiphishing Helper"=C:\Program\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"SpybotSD TeaTimer"=C:\Program\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
hp psc 2000 Series.lnk - C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
officejet 6100.lnk - C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-07 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Installerade program\HP Color Laser Jet 2600n\SETUP.EXE"="D:\Installerade program\HP Color Laser Jet 2600n\SETUP.EXE:*:Enabled:Setup"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program\Messenger\msmsgs.exe"="C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program\Lexmark 6500 Series\LXDFFax.exe"="C:\Program\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software"
"C:\Program\Lexmark 6500 Series\lxdfmon.exe"="C:\Program\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdfpswx.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\System32\lxdfcoms.exe"="C:\WINDOWS\System32\lxdfcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program\Lexmark 6500 Series\lxdfamon.exe"="C:\Program\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program\Lexmark 6500 Series\FRun.exe"="C:\Program\Lexmark 6500 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFTIME.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFTIME.EXE:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFJSWX.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFJSWX.EXE:*:Enabled:Job Status Window Interface"
"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd38028-9b2d-11dc-a010-00c09f9f642c}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-11 13:13:17 ----D---- C:\rsit
2008-10-10 00:04:15 ----D---- C:\Program\Sun
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\java.exe
2008-10-10 00:02:19 ----D---- C:\Program\Java
2008-10-10 00:01:58 ----D---- C:\Program\Delade filer\Java
2008-10-07 09:57:05 ----D---- C:\program files
2008-10-07 03:00:32 ----D---- C:\Program\MSXML 4.0
2008-10-06 20:59:49 ----A---- C:\WINDOWS\bdagent.INI
2008-10-06 19:11:31 ----D---- C:\WINDOWS\system32\logs
2008-10-06 19:11:27 ----D---- C:\Documents and Settings\emma\Application Data\BitDefender
2008-10-06 19:11:26 ----D---- C:\Binaries
2008-10-06 19:11:06 ----D---- C:\Program\BitDefender
2008-10-06 19:11:06 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-06 19:10:10 ----D---- C:\WINDOWS\system32\URTTEMP
2008-10-06 19:05:35 ----D---- C:\Program\Delade filer\BitDefender
2008-10-06 19:02:02 ----D---- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-06 13:11:47 ----A---- C:\FtpCmd.txt
2008-10-06 12:56:14 ----D---- C:\Program\Lavasoft
2008-10-06 12:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-06 12:55:42 ----D---- C:\Program\Delade filer\Wise Installation Wizard
2008-10-06 12:10:34 ----D---- C:\Documents and Settings\emma\Application Data\Mozilla
2008-10-06 12:10:08 ----D---- C:\Program\Mozilla Firefox
2008-10-04 18:42:41 ----D---- C:\Documents and Settings\emma\Application Data\Malwarebytes
2008-10-04 18:42:37 ----D---- C:\Program\Malwarebytes' Anti-Malware
2008-10-04 18:42:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 12:01:26 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-04 10:49:56 ----D---- C:\WINDOWS\Prefetch
2008-10-04 10:22:08 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-04 10:22:02 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-04 10:21:55 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-04 10:21:49 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-04 10:21:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-04 10:21:37 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-04 10:21:26 ----HD---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-04 10:21:18 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-04 10:21:12 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-04 10:21:06 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-04 10:20:59 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-04 10:20:52 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-04 10:20:43 ----HD---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-04 10:17:11 ----D---- C:\WINDOWS\system32\sv-se
2008-10-04 10:17:10 ----D---- C:\WINDOWS\system32\sv
2008-10-04 10:17:10 ----D---- C:\WINDOWS\l2schemas
2008-10-04 10:17:09 ----D---- C:\WINDOWS\system32\bits
2008-10-04 10:14:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-04 10:12:06 ----D---- C:\WINDOWS\network diagnostic
2008-10-04 10:08:14 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-04 10:08:12 ----D---- C:\WINDOWS\EHome
2008-10-02 20:31:29 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-22 13:36:25 ----D---- C:\Program\GlobalSCAPE
2008-09-22 13:32:07 ----D---- C:\Documents and Settings\emma\Application Data\GlobalSCAPE

======List of files/folders modified in the last 1 months======

2008-10-11 12:51:00 ----A---- C:\WINDOWS\system32\eRLog.ini
2008-10-11 12:48:00 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2008-10-10 23:25:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 09:13:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-06 16:57:02 ----A---- C:\WINDOWS\imsins.BAK
2008-10-04 10:52:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-04 10:51:50 ----A---- C:\WINDOWS\win.ini
2008-10-04 10:49:54 ----A---- C:\WINDOWS\setuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-09-19 82380]
R1 bdftdif;bdftdif; \??\C:\Program\Delade filer\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-18 17119]
R2 BDVEDISK;BDVEDISK; \??\C:\Program\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-08 970240]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-06 103944]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-24 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-24 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-24 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-24 207616]
R3 int15.sys;int15.sys; \??\C:\Program\acer\eRecovery\int15.sys []
R3 NSCIRDA;Drivrutin för NSC-IR-enhet; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-04-06 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-10 157056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Drivrutin för USB-skanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/trådlös 2200BG-drivrutin för nätverksanslutning för Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-24 703616]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-25 44032]
S3 BthEnum;Bluetooth-uppräknartjänst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth-enhet (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-portdrivrutin; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Bluetooth-radio USB-drivrutin; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-07 804572]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 Profos;Profos; \??\C:\Program\Delade filer\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth-enhet (RFCOMM-protokoll TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program\Delade filer\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-10-06 611664]
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-08 348160]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 Bonjour Service;Bonjour-tjänst; C:\Program\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 EvtEng;EvtEng; C:\Program\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-06 393216]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048]
R2 RegSrvc;RegSrvc; C:\Program\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 VSSERV;BitDefender Virus Shield; C:\Program\BitDefender\BitDefender 2009\vsserv.exe [2008-10-06 1527808]
R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2008-02-09 238968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program\Delade filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-15 654848]
S3 LiveUpdate;LiveUpdate; C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-10-11 13:13:26

======Uninstall list======

-->"C:\Program\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -f"C:\Program\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer eManager for Notebook-->C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x1d
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->C:\Program\Delade filer\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program\Delade filer\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program\Delade filer\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program\Delade filer\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arcade 3.0-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
ATI - Hjälp för avinstallation av program-->C:\Program\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager-->C:\Program\Audible\Bin\Upgrade.exe /Uninstall
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Color LaserJet 2600n-->C:\Program\Zenographics\{9F417E61-CE11-43C5-9D1F-966AD0B5B73D}\SETUP.EXE -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio-->CIAunwdm.exe
Creative Mass Storage Drivers-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative MuVo V100-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Nano Plus-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
CuteFTP 5.0 XP-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.exe" -l0x9 /l0009 UNINSTALL
DivX Codec-->C:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Feedidentifiering (Windows Live Toolbar)-->MsiExec.exe /X{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}
HijackThis 2.0.2-->"C:\program files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series Drivrutin-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series-->C:\Program\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\sve\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lexmark Verktygsfält-->regsvr32.exe /s /u "C:\Program\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation)-->C:\Program\Delade filer\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Dreamweaver MX-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.3)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{19B622A5-0956-4080-843C-53A2E378BE5E}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Popup-blockeraren (Windows Live Toolbar)-->MsiExec.exe /X{14D9D3BE-531E-47BC-8746-92D391D3EA4A}
PowerProducer-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Readiris 7.5-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smarta menyer (Windows Live Toolbar)-->MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
Snabbkorrigering för Windows Media Player 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Snabbkorrigering för Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025\HXFSETUP.EXE -U -Iqta00665.inf
Spybot - Search & Destroy-->"C:\Program\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
Uninstall XORBase ODBC Driver-->"C:\Program\XORBase ODBC Driver\unins000.exe"
Uppdatering för Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Webbsökning med flikar (Windows Live Toolbar)-->MsiExec.exe /X{8785120E-5BBF-46DA-A225-15BA9D2B4D24}
Verktygsfältet Outlook (Windows Live Toolbar)-->MsiExec.exe /X{EDE8FB19-9809-445E-991A-AE51EFA7E653}
Windows Live Messenger-->MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}
Windows Live Toolbar-->"C:\Program\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar-->MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Media Format 11 runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program\WinRAR\uninstall.exe
XOR Compact 4.5-->C:\WINDOWS\IsUn041d.exe -fC:\Compact4\uninst.isu
Xvid 1.1.3 final uninstall-->"C:\Program\Xvid\unins000.exe"

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program\ATI Technologies\ATI Control Panel;C:\Program\Intel\Wireless\Bin\;C:\Program\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Regards
emma

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 11 October 2008 - 11:33 AM

hi emma.

Thanks for letting us know your situation. Your log is clean but I have to run some test just to know if it is really clean.
There are also remnants of symantec after your uninstallation and we need to remove that.
If you want retain your symantec(since you still have a license) we will do it after I declared you clean and will guide you for uninstallation of bitdefender. If you want to keep Bitdefender, it is ok too,


Please do the instructions below;
  • We will remove the remnants of Symantec AV. Please choose the product you have

    Download and run the Norton Removal Tool
    And follow the removal instructions in there.

  • I see you are running Teatimer.
    I suggest you to disable it because it can interfere with the changes you'll make on your system.
    When everything is done and your log is clean again, you can enable it again.
    If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    How to disable TeaTimer <== click me for instructions.
    After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
    Doubleclick ResetTeaTimer.bat and let it run.
    This will only take a few seconds.

    Reenable it after you finish all the instructions.
    :thumbsup:

  • Run HijackThis icon in your desktop by double-clicking it.
    Then do press "Do a System Scan Only".

    When the scan is complete place a check mark next to the following entries:

    02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."

  • Reboot your computer in normal mode

    • Run random's system information tool (RSIT) again from your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
In your reply, please post the result of Kaspersky's and fresh RSIT's log.txt

Thanks

Mark

#5 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 October 2008 - 03:15 PM

Hello again

I intend to reinstall Norton when the PC is clean.

I did all steps you asked me to, however
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
could not be removed, since it wasnt there.

Here are the logs from rsit as You asked for in step 5.

Logfile of random's system information tool 1.04 (written by random/random)
Run by emma at 2008-10-11 20:49:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (43%) free of 46 GB
Total RAM: 1022 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:36, on 2008-10-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Arcade\PCMService.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\BitDefender\BitDefender 2009\bdagent.exe
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Acer\eManager\anbmServ.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program\acer\eRecovery\Monitor.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\emma\Skrivbord\Jagar virus\RSIT.exe
C:\Program\trend micro\emma.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program\Delade filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Unknown owner - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9434 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-07 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-07 126976]
"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"PCMService"=C:\Program\Arcade\PCMService.exe [2005-03-09 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-08 339968]
"EPM-DM"=c:\acer\epm\epm-dm.exe [2005-03-28 188416]
"ePowerManagement"=C:\Acer\ePM\ePM.exe [2005-03-24 2880512]
"LManager"=C:\Program\Launch Manager\QtZgAcer.EXE [2005-03-28 319488]
"eRecoveryService"=C:\Windows\System32\Check.exe [2005-03-23 245760]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-14 110592]
"Share-to-Web Namespace Daemon"=C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program\iTunes\iTunesHelper.exe [2008-07-10 289064]
"BDAgent"=C:\Program\BitDefender\BitDefender 2009\bdagent.exe [2008-10-06 716800]
"BitDefender Antiphishing Helper"=C:\Program\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
hp psc 2000 Series.lnk - C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
officejet 6100.lnk - C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE
Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-02-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-07 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Installerade program\HP Color Laser Jet 2600n\SETUP.EXE"="D:\Installerade program\HP Color Laser Jet 2600n\SETUP.EXE:*:Enabled:Setup"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program\Messenger\msmsgs.exe"="C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Program\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader"
"C:\Program\Lexmark 6500 Series\LXDFFax.exe"="C:\Program\Lexmark 6500 Series\LXDFFax.exe:*:Enabled:Fax Solutions Software"
"C:\Program\Lexmark 6500 Series\lxdfmon.exe"="C:\Program\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdfpswx.exe"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\System32\lxdfcoms.exe"="C:\WINDOWS\System32\lxdfcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program\Lexmark 6500 Series\lxdfamon.exe"="C:\Program\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program\Lexmark 6500 Series\FRun.exe"="C:\Program\Lexmark 6500 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFTIME.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFTIME.EXE:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFJSWX.EXE"="C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\LXDFJSWX.EXE:*:Enabled:Job Status Window Interface"
"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\EMMA\Lokala inställningar\Temp\7zS30A.tmp\SymNRT.exe"="C:\Documents and Settings\EMMA\Lokala inställningar\Temp\7zS30A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\EMMA\Lokala inställningar\Temp\7zS30C.tmp\SymNRT.exe"="C:\Documents and Settings\EMMA\Lokala inställningar\Temp\7zS30C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd38028-9b2d-11dc-a010-00c09f9f642c}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-11 20:49:21 ----D---- C:\Program\trend micro
2008-10-11 20:06:19 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-11 13:13:17 ----D---- C:\rsit
2008-10-10 00:04:15 ----D---- C:\Program\Sun
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-10 00:03:55 ----A---- C:\WINDOWS\system32\java.exe
2008-10-10 00:02:19 ----D---- C:\Program\Java
2008-10-10 00:01:58 ----D---- C:\Program\Delade filer\Java
2008-10-07 09:57:05 ----D---- C:\program files
2008-10-07 03:00:32 ----D---- C:\Program\MSXML 4.0
2008-10-06 20:59:49 ----A---- C:\WINDOWS\bdagent.INI
2008-10-06 19:11:31 ----D---- C:\WINDOWS\system32\logs
2008-10-06 19:11:27 ----D---- C:\Documents and Settings\emma\Application Data\BitDefender
2008-10-06 19:11:26 ----D---- C:\Binaries
2008-10-06 19:11:06 ----D---- C:\Program\BitDefender
2008-10-06 19:11:06 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-06 19:10:10 ----D---- C:\WINDOWS\system32\URTTEMP
2008-10-06 19:05:35 ----D---- C:\Program\Delade filer\BitDefender
2008-10-06 19:02:02 ----D---- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-06 13:11:47 ----A---- C:\FtpCmd.txt
2008-10-06 12:56:14 ----D---- C:\Program\Lavasoft
2008-10-06 12:56:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-06 12:55:42 ----D---- C:\Program\Delade filer\Wise Installation Wizard
2008-10-06 12:10:34 ----D---- C:\Documents and Settings\emma\Application Data\Mozilla
2008-10-06 12:10:08 ----D---- C:\Program\Mozilla Firefox
2008-10-04 18:42:41 ----D---- C:\Documents and Settings\emma\Application Data\Malwarebytes
2008-10-04 18:42:37 ----D---- C:\Program\Malwarebytes' Anti-Malware
2008-10-04 18:42:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 12:01:26 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-04 10:49:56 ----D---- C:\WINDOWS\Prefetch
2008-10-04 10:22:08 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-04 10:22:02 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-04 10:21:55 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-04 10:21:49 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-04 10:21:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-04 10:21:37 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-04 10:21:26 ----HD---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-04 10:21:18 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-04 10:21:12 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-04 10:21:06 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-04 10:20:59 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-04 10:20:52 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-04 10:20:43 ----HD---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-04 10:17:11 ----D---- C:\WINDOWS\system32\sv-se
2008-10-04 10:17:10 ----D---- C:\WINDOWS\system32\sv
2008-10-04 10:17:10 ----D---- C:\WINDOWS\l2schemas
2008-10-04 10:17:09 ----D---- C:\WINDOWS\system32\bits
2008-10-04 10:14:55 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-04 10:12:06 ----D---- C:\WINDOWS\network diagnostic
2008-10-04 10:08:14 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-04 10:08:12 ----D---- C:\WINDOWS\EHome
2008-10-02 20:31:29 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-22 13:36:25 ----D---- C:\Program\GlobalSCAPE
2008-09-22 13:32:07 ----D---- C:\Documents and Settings\emma\Application Data\GlobalSCAPE

======List of files/folders modified in the last 1 months======

2008-10-11 20:41:34 ----A---- C:\WINDOWS\system32\eRLog.ini
2008-10-11 20:41:32 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2008-10-11 20:39:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 09:13:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-06 16:57:02 ----A---- C:\WINDOWS\imsins.BAK
2008-10-04 10:52:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-04 10:51:50 ----A---- C:\WINDOWS\win.ini
2008-10-04 10:49:54 ----A---- C:\WINDOWS\setuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-09-19 82380]
R1 bdftdif;bdftdif; \??\C:\Program\Delade filer\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-18 17119]
R2 BDVEDISK;BDVEDISK; \??\C:\Program\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 osanbm;osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-02-08 970240]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-06 103944]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-24 34048]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-24 276480]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-02-15 50960]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-03-08 22512]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-01-24 1038208]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-01-24 207616]
R3 int15.sys;int15.sys; \??\C:\Program\acer\eRecovery\int15.sys []
R3 NSCIRDA;Drivrutin för NSC-IR-enhet; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-04-06 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-10 157056]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Drivrutin för USB-skanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/trådlös 2200BG-drivrutin för nätverksanslutning för Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-24 703616]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-01-10 449888]
S3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-25 44032]
S3 BthEnum;Bluetooth-uppräknartjänst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth-enhet (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-portdrivrutin; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Bluetooth-radio USB-drivrutin; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-07 804572]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 Profos;Profos; \??\C:\Program\Delade filer\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RFCOMM;Bluetooth-enhet (RFCOMM-protokoll TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program\Delade filer\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-10-06 611664]
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-02-08 348160]
R2 Bonjour Service;Bonjour-tjänst; C:\Program\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 EvtEng;EvtEng; C:\Program\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program\Delade filer\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-06 393216]
R2 RegSrvc;RegSrvc; C:\Program\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 VSSERV;BitDefender Virus Shield; C:\Program\BitDefender\BitDefender 2009\vsserv.exe [2008-10-06 1527808]
R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program\Delade filer\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-15 654848]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program\WinPcap\rpcapd.exe [2003-04-04 77824]
S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-11 13:13:26

======Uninstall list======

-->"C:\Program\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -f"C:\Program\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{1C41BAA3-559A-483A-89A5-149F27F90D38}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{4E9201AE-EACC-4010-B0E8-C61736512A13}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acer eManager for Notebook-->C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x1d
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->C:\Program\Delade filer\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program\Delade filer\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program\Delade filer\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->C:\Program\Delade filer\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe SING CS3-->MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Arcade 3.0-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
ATI - Hjälp för avinstallation av program-->C:\Program\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager-->C:\Program\Audible\Bin\Upgrade.exe /Uninstall
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Color LaserJet 2600n-->C:\Program\Zenographics\{9F417E61-CE11-43C5-9D1F-966AD0B5B73D}\SETUP.EXE -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio-->CIAunwdm.exe
Creative Mass Storage Drivers-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative MuVo V100-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{ED57CE70-0DC6-49AB-A33E-FAC212A6AF5E}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Nano Plus-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
CuteFTP 5.0 XP-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.exe" -l0x9 /l0009 UNINSTALL
DivX Codec-->C:\Program\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Feedidentifiering (Windows Live Toolbar)-->MsiExec.exe /X{39F73F7F-53C8-474C-B4D7-63DF3A063CF5}
HijackThis 2.0.2-->"C:\program files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series Drivrutin-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series-->C:\Program\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\sve\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Foto och bilduppbyggnad 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Lexmark Verktygsfält-->regsvr32.exe /s /u "C:\Program\Lexmark Toolbar\toolband.dll"
LiveReg (Symantec Corporation)-->C:\Program\Delade filer\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Dreamweaver MX-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.3)-->C:\Program\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
NTI Backup NOW! 4-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{19B622A5-0956-4080-843C-53A2E378BE5E}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Popup-blockeraren (Windows Live Toolbar)-->MsiExec.exe /X{14D9D3BE-531E-47BC-8746-92D391D3EA4A}
PowerProducer-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
PrimoPDF Redistribution Package-->MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program\activePDF\PrimoPDF\Uninstall\uninstall.xml"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Readiris 7.5-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smarta menyer (Windows Live Toolbar)-->MsiExec.exe /X{2770CB13-5093-4C94-A318-F103857E18B1}
Snabbkorrigering för Windows Media Player 10 - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Snabbkorrigering för Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025\HXFSETUP.EXE -U -Iqta00665.inf
Spybot - Search & Destroy-->"C:\Program\Spybot - Search & Destroy\unins001.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8E50332B-772C-4AEA-BF56-94DE6A1D5F10} /l1033
Uninstall XORBase ODBC Driver-->"C:\Program\XORBase ODBC Driver\unins000.exe"
Uppdatering för Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Webbsökning med flikar (Windows Live Toolbar)-->MsiExec.exe /X{8785120E-5BBF-46DA-A225-15BA9D2B4D24}
Verktygsfältet Outlook (Windows Live Toolbar)-->MsiExec.exe /X{EDE8FB19-9809-445E-991A-AE51EFA7E653}
Windows Live Messenger-->MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{64E09E82-610D-4FB9-8722-1D2D1CD65A6B}
Windows Live Toolbar-->"C:\Program\Windows Live Toolbar\UnInstall.exe" {45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Live Toolbar-->MsiExec.exe /X{45EA1531-5226-4FC4-9341-8D0C8CEC502F}
Windows Media Format 11 runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program\WinRAR\uninstall.exe
XOR Compact 4.5-->C:\WINDOWS\IsUn041d.exe -fC:\Compact4\uninst.isu
Xvid 1.1.3 final uninstall-->"C:\Program\Xvid\unins000.exe"

======Security center information======

AV: BitDefender Antivirus
FW: BitDefender Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program\ATI Technologies\ATI Control Panel;C:\Program\Intel\Wireless\Bin\;C:\Program\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

I am now doing the Kaspersy scan but I didnt manage to shut down Bitdefender, will that be a problem?
If it will, please tell me how to shut down Bitdefender
Should I make a fresh rsit log AFTER Kaspersky scan or is this the one You mean?

Regards
emma

#6 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 11 October 2008 - 07:34 PM

Hello
Hera is the log:
Sunday, October 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 11, 2008 20:06:09
Records in database: 1305349
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 143209
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:57:50

File name Threat name Threats count
C:\System Volume Information\_restore{C657EDC9-34A1-4ECA-ABE3-5B715D06C4E9}\RP623\A0080909.exe Infected: Trojan-Spy.Win32.Zbot.fil 1
The selected area was scanned.

regards
emma

#7 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 11 October 2008 - 08:15 PM

hi Emma.

Think you already manage to have the log.

Please wait for my final instruction. It also need coach approval.

Thanks.

Mark

edit....

Edited by mas_pogi, 11 October 2008 - 08:21 PM.


#8 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 12 October 2008 - 03:13 AM

Hello emmah.

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

We will reinstall your Norton after your done with this post. Please reply after you finish all the instruction.

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Please delete the RSIT.exe located at your desktop.
  • Please also delete the c:\RSIT
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above

Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall

  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.

  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file

  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Mark

#9 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 12 October 2008 - 05:45 AM

Hello Mark

Thanks a lot for Your help. :thumbsup:
I have done most on Your list above. The firewall, I guess, will be cleared when reinstalling Norton Internet Security.
The system is running smothly, no problem.

One thing though, I had automatic update for XP set all the time, now for some time I constantly have one update that is constant:
Säkerhetsuppdatering för Microsoft XML Core Services 4.0 Service Pack 2(KB936181) installeras (uppdatering 1 av 1)...
doesnt matter how many times I try, it still comes back. What to do?

Regards
emma

#10 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 12 October 2008 - 08:33 AM

hi emmah.


Are you ready to install the Norton?

Please do the following;
  • Please have your installer of Norton first. Of course :)
  • Please visit this site
    http://kb.bitdefender.com/KB333-en--How-to...itDefender.html
    Uninstalling BitDefender using the uninstall tool
    The second solution please.
    We will use this one. Actually ADD/REMOVE program of windows will do but I am
    thinking that some clutters will be left behind.

  • Save it to your desktop.
  • Disconnect your computer from the internet
  • Double click the uninstaller
  • After it is finish. Reboot your computer if it didn't reboot.
  • INstall your Norton now. I think you can handle that one :thumbsup:
Let me know if everything went ok in your next reply.


Säkerhetsuppdatering för Microsoft XML Core Services 4.0 Service Pack 2(KB936181) installeras (uppdatering 1 av 1)...
doesnt matter how many times I try, it still comes back. What to do?

What do you mean? It never finish its update? It failed to update?

Säkerhetsuppdatering för

Sorry. What is the meaning of this? Obviously..can't read it.

Mark

#11 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 12 October 2008 - 08:42 AM

Oh, sorry.

"Säkerhetsuppdatering för Microsoft XML Core Services 4.0 Service Pack 2(KB936181) installeras (uppdatering 1 av 1)...

mean:
safetyupdating for Microsoft XML Core Services 4.0 Service Pack 2(KB936181) is being installed (updating 1 of 1)...

I do the updating, get message updating finished successfully but then a few minutes later the message to update is there again. for the same "Microsoft XML Core Services 4.0 Service Pack 2(KB936181)".

I will disconnect to uninstall Bitdefender and reinstall Norton right now.

//emma

#12 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 12 October 2008 - 08:56 AM

hi emmah.

Go ahead with the Norton.

I'll try to research about XML :thumbsup:

Mark

#13 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 12 October 2008 - 10:15 AM

hi emmah.

If you are finish with Norton. Please proceed with this instructions to fix the issue with
Microsoft XML Core Services 4.0 Service Pack 2


Please highlight all of the text in the Code box below.
Now, copy (Ctrl+C) and paste (Ctrl+V) the following to a new Notepad file.
Save the file, making sure that the Save as type box is set to "All Files", and name it fixme.bat Please save it on your desktop.
@echo off
ren %windir%\System32\msxml4.dll msxml4.orig
del fixme.bat
exit
Double click fixme.bat - A window will open and close. This is normal.
Now, manually download and install the KB936181 from here to fix the problem.


Let me know in your next reply.

Mark

#14 emmah

emmah
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 12 October 2008 - 11:23 AM

Hi Mark

Seems like all is working well now and I got windows update working as well (no updatemessage so far)

Thanks a lot!

:-)
emma

#15 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:34 PM

Posted 12 October 2008 - 11:25 AM

hi emmah.

You're welcome.

Glad to help you.

Mark




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users