Perfect Defender malware, please help me remove.


  • This topic is locked
2 replies to this topic

#1 Chrozon

Posted 14 December 2008 - 07:57 AM

Hey, I've recently gotten several pop-up activities. It really confused me and I nearly downloaded the program, since it was the Windows Firewall pop-up and it said it was Windows certified on the web page. But I didn't get fooled so easily and researched it some more, and I discovered that it was a malware program. Now I've looked into some things and I'll try to provide you with as much info as possible.

The pop-up redirects me to a Perfect Defender 2009 web page.
Whenever I start my Firefox/IE browser, a page saying my computer is infected will come up before I can go on.
My C:\Documents and Settings\username\Application Data\Google has a Firewall file called fhexj6825097.exe
If I run msconfig a system failure pops up and my system restarts.
I have absolutely NO IDEA where I got this from, it was suddenly there, I can't even remember any DOS window coming up.

AVG, eTrust, Ad-Aware, Spybot, nothing detects it.

Can anyone help?

Posted Dec. 14, 2008 08:26 AM

This is my HijackThis log, sorry for the double post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:08 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerLCDMon.exe
C:Program FilesLogitechGamePanel SoftwareG-series SoftwareLGDCore.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDClock.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDCountdown.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDPop3.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDMedia.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesCASharedComponentsiTechnologyigateway.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesCAeTrustITMInoRpc.exe
C:Program FilesCAeTrustITMInoRT.exe
C:Program FilesCAeTrustITMInoTask.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:WINDOWSsystem32LVComsX.exe
C:HJTHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:Program FilesStylerTBStylerTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [SoundMax] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [Launch LCDMon] "C:Program FilesLogitechGamePanel SoftwareLCD ManagerLCDMon.exe"
O4 - HKLM..Run: [Launch LGDCore] "C:Program FilesLogitechGamePanel SoftwareG-series SoftwareLGDCore.exe" /SHOWHIDE
O4 - HKLM..Run: [Realtime Monitor] "C:Program FilesCAeTrustITMrealmon.exe" -s
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:Program FilesCASharedComponentsiTechnologyigateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:Program FilesCAeTrustITMInoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:Program FilesCAeTrustITMInoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:Program FilesCAeTrustITMInoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

--
End of file - 9126 bytes

Posted Dec. 14, 2008 08:55 AM

Sorry for my third post, but here is my RSIT log:

info.txt:

info.txt logfile of random's system information tool 1.04 2008-12-14 14:37:34

======Uninstall list======

-->C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:Program FilesCommon FilesAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Flash Player ActiveX-->C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:Program FilesCommon FilesAdobeInstallers2ac78060bc5856b0c1cf873bb919b58Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 - Norsk-->MsiExec.exe /I{AC76BA86-7AD7-1044-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:WINDOWSsystem32adobeSHOCKW~1UNWISE.EXE C:WINDOWSsystem32AdobeSHOCKW~1Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alarm 2.0.4-->"C:Program FilesAlarmunins000.exe"
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:Program FilesAudacityunins000.exe"
AVG Free 8.0-->C:Program FilesAVGAVG8setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA iTechnology iGateway-->MsiExec.exe /X{847501DF-07C0-4691-B04A-893929F108AE}
Call of Duty 4: Modern Warfare-->"C:Program FilesSteamsteam.exe" steam://uninstall/7940
CCleaner (remove only)-->"C:Program FilesCCleaneruninst.exe"
Cheat Engine 5.4-->"C:Program FilesCheat Engineunins000.exe"
Counter-Strike: Source-->"C:Program FilesSteamsteam.exe" steam://uninstall/240
Curse Client-->C:Program FilesCurseuninstall.exe
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)-->rundll32.exe advpack.dll,LaunchINFSection DamnNFO.inf,DefaultUninstall
DC++ 0.705-->"C:Program FilesDC++uninstall.exe"
DC-Bass Source 1.00-->"C:Program FilesDSP-worxDC-Bass SourceUninstall.exe"
DivX Web Player-->C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
Drivrutiner for Logitech® Camera-->"C:Program FilesCommon FilesLogitechQCDRVBINSETUP.EXE" UNINSTALL REMOVEPROMPT
EXPERTool-->RunDll32 Setupapi.dll,InstallHinfSection TB.Remove 4 TBNT4.inf
Far Cry 2-->"C:Program FilesInstallShield Installation Information{F2835483-37F2-4123-B4FE-0E77D58447F2}setup.exe" -runfromtemp -l0x0009 -removeonly
FileZilla Client 3.0.9.3-->C:Program FilesFileZilla FTP Clientuninstall.exe
Free YouTube Download 2.2-->"C:Program FilesDVDVideoSoftFree YouTube Downloadunins000.exe"
Gadget Installer-->MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
Garry's Mod-->"C:Program FilesSteamsteam.exe" steam://uninstall/4000
Gears of War-->C:Program FilesInstallShield Installation Information{1170D24F-42B7-40CF-AA1B-6395CE562354}Setup.exe -runfromtemp -l0x0409
Guitar Pro 5.2-->"C:Program FilesGuitar Pro 5unins000.exe"
Hamachi 1.0.3.0-->C:Program FilesHamachiuninstall.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:HJTHijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe"
HyperCam 2-->"C:Program FilesHyCam2UnHyCam2.exe"
IconPackager-->C:PROGRA~1StardockOBJECT~1ICONPA~1iconpackager.exe /uninstallwise
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:Program FilesK-Lite Codec Packunins000.exe"
LClock-->C:Program FilesLClockUninstall.exe
Little Fighter 2 1.9c-->C:Program FilesLittleFighter2LF2_v1.9cuninst.exe
Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech QuickCam Software-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C43048A9-742C-4DAD-90D2-E3B53C9DB825}setup.exe" -l0x9
Magic ISO Maker v5.4 (build 0256)-->C:PROGRA~1MagicISOUNWISE.EXE C:PROGRA~1MagicISOINSTALL.LOG
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->c:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFmpg4c32.inf
Microsoft Office 2007 Recent Documents Gadget-->MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MixMeister BPM Analyzer 1.0-->"C:Program FilesMixMeister BPM Analyzerunins000.exe"
Mozilla Firefox (3.0.4)-->C:Program FilesMozilla Firefoxuninstallhelper.exe
muveeNow 2.1-->C:Program FilesInstallShield Installation Information{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:WINDOWSsystem32nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Oblivion-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1100Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{35CB6715-41F8-4F99-8881-6FC75BF054B0}setup.exe" -l0x9 -removeonly
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO-->"C:Program FilesPowerISOuninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:WINDOWSsystem32pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
RealWorld Change Cursor-->MsiExec.exe /I{35E41C2E-9111-44AA-B8C4-20D4D59DD990}
Recordpad-->C:Program FilesNCH Swift SoundRecordpaduninst.exe
Resident Evil 4 1.10-->"D:GamesResident Evil 4unins000.exe"
Resource Hacker 3.4.0-->"C:WINDOWSResource Hacker 3.4.0uninstall.exe" "/U:C:Program FilesResource Hacker 3.4.0Uninstalluninstall.xml"
Right Click Image Converter-->"C:Program FilesKristanixRight Click Image Converteruninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe"
Security Update for Windows XP (KB938464)-->"C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe"
Security Update for Windows XP (KB941569)-->"C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe"
Security Update for Windows XP (KB950760)-->"C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe"
Security Update for Windows XP (KB950762)-->"C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe"
Security Update for Windows XP (KB950974)-->"C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe"
Security Update for Windows XP (KB951066)-->"C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe"
Security Update for Windows XP (KB951376)-->"C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe"
Security Update for Windows XP (KB951698)-->"C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe"
Security Update for Windows XP (KB951748)-->"C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe"
Security Update for Windows XP (KB952954)-->"C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe"
Security Update for Windows XP (KB953839)-->"C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe"
Security Update for Windows XP (KB954211)-->"C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe"
Security Update for Windows XP (KB954459)-->"C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe"
Security Update for Windows XP (KB954600)-->"C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe"
Security Update for Windows XP (KB955069)-->"C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe"
Security Update for Windows XP (KB956391)-->"C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe"
Security Update for Windows XP (KB956802)-->"C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe"
Security Update for Windows XP (KB956803)-->"C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe"
Security Update for Windows XP (KB956841)-->"C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe"
Security Update for Windows XP (KB957095)-->"C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe"
Security Update for Windows XP (KB957097)-->"C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe"
Security Update for Windows XP (KB958644)-->"C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoundMAX-->RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F0A37341-D692-11D4-A984-009027EC0A9C}setup.exe" -l0x14 -removeonly
Spybot - Search & Destroy-->"C:Program FilesSpybot - Search & Destroyunins000.exe"
Starcraft-->C:WINDOWSSCunin.exe C:WINDOWSSCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"D:GamesStepManiauninstall.exe"
Styler-->MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
SwiftKit-->C:Program FilesSwiftKitUninstall.exe
Switch Sound File Converter-->C:Program FilesNCH Swift SoundSwitchuninst.exe
System Requirements Lab-->C:Program FilesSystemRequirementsLabUninstall.exe
Unlocker 1.8.5-->C:Program FilesUnlockeruninst.exe
Update for Windows XP (KB898461)-->"C:WINDOWS$NtUninstallKB898461$spuninstspuninst.exe"
Update for Windows XP (KB942763)-->"C:WINDOWS$NtUninstallKB942763$spuninstspuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe"
Update for Windows XP (KB951978)-->"C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe"
Update for Windows XP (KB955839)-->"C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /X{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VeohTV BETA-->C:Program FilesInstallShield Installation Information{0405E51E-9582-4207-8F38-AC44201D3808}setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6f-->C:Program FilesVideoLANVLCuninstall.exe
Warsow 0.42-->"C:Program FilesWarsowunins000.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:PROGRA~1DIFX7B44739871F4D539FA473F57A832EA4B6A59EF06DPInst.exe /d /u C:WINDOWSsystem32DRVSTOREamdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194amdk8.inf
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:Program FilesWindows Live Safety CenterwlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:Program FilesWindows Live ToolbarUnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:Program FilesWindows Media Playerwmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
Windows Media Player 11-->"C:Program FilesWindows Media PlayerSetup_wm.exe" /Uninstall
Windows Media Player 11-->"C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe"
Windows Sidebar-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Sounds Pack-->MsiExec.exe /I{E1230694-33DA-4E74-82E1-06CC9D545E9B}
WinRAR archiver-->C:Program FilesWinRARuninstall.exe
WinSCP 4.0.7-->"C:Program FilesWinSCPunins000.exe"
World of Warcraft-->C:Program FilesCommon FilesBlizzard EntertainmentWorld of Warcraft (2)Uninstall.exe
Xbox 360 Controller for Windows-->"C:WINDOWS$NtUninstall_Xbox_360_CC_Driver$spuninstspuninst.exe"
Xfire (remove only)-->"C:Program FilesXfireuninst.exe"
XviD MPEG-4 Video Codec-->C:WINDOWSsystem32rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:WINDOWSINFxvid.inf
ZD Soft Screen Recorder-->"C:Program FilesZD SoftScreen RecorderUninstall.exe"
ZD Soft Screen Video Decoder-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFscrvid.inf

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: ActiveArmor Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%system32cmd.exe
"Path"=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesAlky for ApplicationsLibraries;C:Program FilesQuickTimeQTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%TEMP
"TMP"=%SystemRoot%TEMP
"CLASSPATH"=.;C:Program FilesJavajre1.6.0_07libextQTJava.zip
"QTJAVA"=C:Program FilesJavajre1.6.0_07libextQTJava.zip
"CASHCOMP"=C:Program FilesCASharedComponents
"IGW_LOC"=C:Program FilesCASharedComponentsiTechnology

-----------------EOF-----------------




log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Torstein at 2008-12-14 14:37:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (37%) free of 115 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:33 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesAnalog DevicesSoundMAXSmax4.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerLCDMon.exe
C:Program FilesLogitechGamePanel SoftwareG-series SoftwareLGDCore.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDClock.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDCountdown.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDPop3.exe
C:Program FilesLogitechGamePanel SoftwareLCD ManagerAppletsLCDMedia.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:WINDOWSsystem32LVComsX.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32msiexec.exe
C:WINDOWSsystem32MsiExec.exe
C:Program FilesCASharedComponentsiTechnologyigateway.exe
C:WINDOWSsystem32MsiExec.exe
C:Documents and SettingsTorsteinDesktopRSIT.exe
C:HJTTorstein.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:Program FilesStylerTBStylerTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [SoundMax] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [Launch LCDMon] "C:Program FilesLogitechGamePanel SoftwareLCD ManagerLCDMon.exe"
O4 - HKLM..Run: [Launch LGDCore] "C:Program FilesLogitechGamePanel SoftwareG-series SoftwareLGDCore.exe" /SHOWHIDE
O4 - HKLM..RunOnce: [UniGateway] msiexec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE}
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [uTorrent] "C:Program FilesuTorrentuTorrent.exe"
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:Program FilesCASharedComponentsiTechnologyigateway.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

--
End of file - 8860 bytes

======Scheduled tasks folder======

C:WINDOWStasksAppleSoftwareUpdate.job
C:WINDOWStasksCheck Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Koblingshjelpeprogram for Adobe PDF Reader - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-05-02 308856]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:Program FilesAVGAVG8avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:PROGRA~1SPYBOT~1SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:Program FilesJavajre1.6.0_07binssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:Program FilesWindows Live Toolbarmsntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:Program FilesStylerTBStylerTB.dll [2006-05-02 102400]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:Program FilesWindows Live Toolbarmsntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"=C:WINDOWSsystem32NvCpl.dll [2008-01-08 8523776]
"TkBellExe"=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-05-02 185896]
"QuickTime Task"=C:Program FilesQuickTimeQTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:Program FilesiTunesiTunesHelper.exe [2008-11-20 290088]
"SoundMax"=C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]
"Launch LCDMon"=C:Program FilesLogitechGamePanel SoftwareLCD ManagerLCDMon.exe [2007-12-13 2051096]
"Launch LGDCore"=C:Program FilesLogitechGamePanel SoftwareG-series SoftwareLGDCore.exe [2007-12-13 2095640]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
"UniGateway"=msiexec.exe /qn /X{847501DF-07C0-4691-B04A-893929F108AE} []

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"MsnMsgr"=C:Program FilesWindows LiveMessengerMsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:Program FilesuTorrentuTorrent.exe [2008-10-11 270128]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAVG8_TRAY]
C:PROGRA~1AVGAVG8avgtray.exe [2008-11-28 1261336]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregCurseClient]
C:Program FilesCurseCurseClient.exe [2008-10-15 4789760]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite]
C:Program FilesDAEMON Tools Litedaemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGainward]
C:WINDOWSTBPanel.exe [2008-01-29 2177576]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
C:Program FilesiTunesiTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLClock]
C:Program FilesLClockLClock.exe [2004-09-19 65536]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechSoftwareUpdate]
C:Program FilesLogitechVideoManifestEngine.exe [2005-06-08 196608]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechVideoRepair]
C:Program FilesLogitechVideoISStart.exe [2005-06-08 458752]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLogitechVideoTray]
C:Program FilesLogitechVideoLogiTray.exe [2005-06-08 217088]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLVCOMSX]
C:WINDOWSsystem32LVCOMSX.EXE [2005-07-19 221184]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
C:WINDOWSsystem32NvCpl.dll [2008-01-08 8523776]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
C:WINDOWSsystem32NvMcTray.dll [2008-01-08 81920]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPWRISOVM.EXE]
C:Program FilesPowerISOPWRISOVM.EXE [2008-07-07 167936]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
C:Program FilesQuickTimeQTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAX]
C:Program FilesAnalog DevicesSoundMAXSmax4.exe [2006-07-13 729088]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMAXPnP]
C:Program FilesAnalog DevicesCoresmax4pnp.exe [2006-12-18 868352]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
C:Program FilesSpybot - Search & DestroyTeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSteam]
C:Program FilesSteamSteam.exe [2008-10-10 1410296]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program FilesJavajre1.6.0_07binjusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-05-02 185896]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregUnlockerAssistant]
C:Program FilesUnlockerUnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreguTorrent]
C:Program FilesuTorrentuTorrent.exe [2008-10-11 270128]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVeoh]
C:Program FilesVeoh NetworksVeohVeohClient.exe [2008-08-28 3660848]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Torstein^Start Menu^Programs^Startup^hamachi.lnk]
C:PROGRA~1Hamachihamachi.exe [2008-10-13 625952]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Torstein^Start Menu^Programs^Startup^Styler.lnk]
C:Documents and SettingsTorsteinApplication DataMicrosoftInstaller{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}_585b207a.exe [2008-05-02 15086]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^Torstein^Start Menu^Programs^Startup^Xfire.lnk]
C:PROGRA~1Xfirexfire.exe [2008-11-20 2986320]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2008-04-23 236928]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkaawservice]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"
"D:GamesBF2.exe"="D:GamesBF2.exe:*:Enabled:Battlefield 2"
"C:Program FilesMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe"="C:Program FilesMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe:*:Enabled:Gears of War"
"D:GamesAge of Empires IIempires2.exe"="D:GamesAge of Empires IIempires2.exe:*:Enabled:Age of Empires II"
"D:GamesStarcraftStarCraft.exe"="D:GamesStarcraftStarCraft.exe:*:Enabled:Starcraft"
"D:GamesBF2BF2.exe"="D:GamesBF2BF2.exe:*:Enabled:BF2"
"C:Program FilesDC++DCPlusPlus.exe"="C:Program FilesDC++DCPlusPlus.exe:*:Enabled:DC++"
"C:Documents and SettingsTorsteinLocal SettingsTempRar$EX00.359ftpserver.exe"="C:Documents and SettingsTorsteinLocal SettingsTempRar$EX00.359ftpserver.exe:*:Enabled:Quick 'n Easy FTP Server 3.1"
"C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe"="C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binApache.exe:*:Enabled:Apache HTTP Server"
"C:Program FilesVeoh NetworksVeohVeohClient.exe"="C:Program FilesVeoh NetworksVeohVeohClient.exe:*:Enabled:Veoh Client"
"C:Program FilesWarsowwarsow_x86.exe"="C:Program FilesWarsowwarsow_x86.exe:*:Enabled:Warsow"
"C:Program FilesAVGAVG8avgemc.exe"="C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe"
"C:Program FilesAVGAVG8avgupd.exe"="C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe"
"C:Program FilesLittleFighter2LF2_v1.9clf2.exe"="C:Program FilesLittleFighter2LF2_v1.9clf2.exe:*:Enabled:lf2"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox"
"C:Program FilesWorld of WarcraftRepair.exe"="C:Program FilesWorld of WarcraftRepair.exe:*:Enabled:Blizzard Repair Utility"
"C:Program FilesMozilla FirefoxArcEmuDatabasebinmysqld-nt.exe"="C:Program FilesMozilla FirefoxArcEmuDatabasebinmysqld-nt.exe:*:Enabled:mysqld-nt"
"C:Program FilesMozilla FirefoxArcEmuarcemu-logonserver.exe"="C:Program FilesMozilla FirefoxArcEmuarcemu-logonserver.exe:*:Enabled:arcemu-logonserver"
"C:Program FilesMozilla FirefoxArcEmuarcemu-world.exe"="C:Program FilesMozilla FirefoxArcEmuarcemu-world.exe:*:Enabled:arcemu-world"
"C:Program FilesSteamsteamappsthermalogicgarrysmodhl2.exe"="C:Program FilesSteamsteamappsthermalogicgarrysmodhl2.exe:*:Enabled:hl2"
"C:Program FilesSteamsteamappsthermalogiccounter-strike sourcehl2.exe"="C:Program FilesSteamsteamappsthermalogiccounter-strike sourcehl2.exe:*:Enabled:hl2"
"C:Program FilesCurseCurseClient.exe"="C:Program FilesCurseCurseClient.exe:*:Enabled:Curse Client"
"C:Program FilesSteamsteamappscommoncall of duty 4iw3mp.exe"="C:Program FilesSteamsteamappscommoncall of duty 4iw3mp.exe:*:Enabled:iw3mp"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"C:Program FilesWorld of WarcraftBackgroundDownloader.exe"="C:Program FilesWorld of WarcraftBackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesWorld of WarcraftWoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe"="C:Program FilesWorld of WarcraftWoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader"
"C:Program FilesXfirexfire.exe"="C:Program FilesXfirexfire.exe:*:Enabled:Xfire"
"C:Program FilesUbisoftFar Cry 2binFarCry2.exe"="C:Program FilesUbisoftFar Cry 2binFarCry2.exe:*:Enabled:Far Cry 2"
"C:Program FilesUbisoftFar Cry 2binFC2Launcher.exe"="C:Program FilesUbisoftFar Cry 2binFC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:Program FilesUbisoftFar Cry 2binFC2Editor.exe"="C:Program FilesUbisoftFar Cry 2binFC2Editor.exe:*:Enabled:Editor"
"C:WINDOWSsystem32PnkBstrA.exe"="C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:WINDOWSsystem32PnkBstrB.exe"="C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:Documents and SettingsTorsteinLocal SettingsTempIXP000.TMPsmwinvnc.exe"="C:Documents and SettingsTorsteinLocal SettingsTempIXP000.TMPsmwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"C:Documents and SettingsTorsteinLocal SettingsTempIXP000.TMPSMPCSetup.exe"="C:Documents and SettingsTorsteinLocal SettingsTempIXP000.TMPSMPCSetup.exe:*:Enabled:SMPCSetup"
"C:Program FilesVentriloVentrilo.exe"="C:Program FilesVentriloVentrilo.exe:*:Enabled:Ventrilo.exe"
"C:Program FilesSteamsteamappscommoncall of duty 4Call of Duty 4 Modern Warfare Multiplayer.exe"="C:Program FilesSteamsteamappscommoncall of duty 4Call of Duty 4 Modern Warfare Multiplayer.exe:*:Enabled:Call of Duty 4 Modern Warfare Multiplayer"
"C:Program FilesiTunesiTunes.exe"="C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesVentSrvventrilo_srv.exe"="C:Program FilesVentSrvventrilo_srv.exe:*:Enabled:ventrilo_srv"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9ebc5c31-17ef-11dd-8255-806d6172696f}]
shellAutoRuncommand - E:demo32.exe


======List of files/folders created in the last 1 months======

2008-12-14 14:37:21 ----D---- C:rsit
2008-12-14 14:31:01 ----D---- C:WINDOWSsystem32Debug
2008-12-14 14:30:59 ----SHD---- C:Config.Msi
2008-12-14 14:20:36 ----D---- C:HJT
2008-12-14 02:25:06 ----D---- C:Program FilesCA
2008-12-14 01:39:29 ----D---- C:Documents and SettingsTorsteinApplication DataGoogle
2008-12-13 03:08:16 ----HDC---- C:WINDOWS$NtUninstallKB955839$
2008-12-13 03:01:06 ----HDC---- C:WINDOWS$NtUninstallKB952069_WM9$
2008-12-13 03:00:58 ----HDC---- C:WINDOWS$NtUninstallKB954600$
2008-12-13 03:00:37 ----HDC---- C:WINDOWS$NtUninstallKB956802$
2008-12-13 00:02:50 ----D---- C:Program FilesLavasoft
2008-12-13 00:02:49 ----D---- C:Documents and SettingsAll UsersApplication DataLavasoft
2008-12-11 15:05:06 ----D---- C:Program FilesVentSrv
2008-12-11 02:11:52 ----D---- C:WINDOWSsystem32Adobe
2008-12-11 00:57:32 ----D---- C:Documents and SettingsAll UsersApplication DataLogitech
2008-12-05 19:25:14 ----D---- C:Program FilesiPod
2008-12-05 19:25:10 ----D---- C:Program FilesiTunes
2008-12-05 19:25:10 ----D---- C:Documents and SettingsAll UsersApplication Data{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-05 19:23:13 ----D---- C:Program FilesQuickTime
2008-12-04 21:23:24 ----D---- C:Program FilesAudacity
2008-11-30 15:33:17 ----A---- C:WINDOWSTSearch.INI
2008-11-25 18:14:17 ----D---- C:Documents and SettingsTorsteinApplication DataVentrilo
2008-11-25 18:13:42 ----D---- C:Program FilesVentrilo
2008-11-25 18:13:30 ----A---- C:WINDOWS{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-25 18:13:03 ----D---- C:Program FilesCommon FilesWise Installation Wizard
2008-11-20 21:44:26 ----A---- C:WINDOWSsystem32xfcodec.dll

======List of files/folders modified in the last 1 months======

2008-12-14 14:37:29 ----D---- C:WINDOWSTemp
2008-12-14 14:37:07 ----D---- C:WINDOWSPrefetch
2008-12-14 14:31:05 ----SHD---- C:WINDOWSInstaller
2008-12-14 14:31:04 ----D---- C:WINDOWSsystem32drivers
2008-12-14 14:31:01 ----D---- C:WINDOWSsystem32
2008-12-14 13:45:47 ----D---- C:Program FilesMozilla Firefox
2008-12-14 13:45:26 ----D---- C:Documents and SettingsTorsteinApplication DatauTorrent
2008-12-14 13:43:35 ----A---- C:WINDOWSSchedLgU.Txt
2008-12-14 10:46:04 ----HD---- C:$AVG8.VAULT$
2008-12-14 09:47:12 ----D---- C:WINDOWSsystem32CatRoot2
2008-12-14 09:47:12 ----D---- C:Program FilesCheat Engine
2008-12-14 02:26:10 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2008-12-14 02:25:06 ----RD---- C:Program Files
2008-12-14 01:43:08 ----D---- C:Program FilesAdobe
2008-12-13 22:03:16 ----A---- C:WINDOWSsystem32PnkBstrB.exe
2008-12-13 03:15:43 ----D---- C:WINDOWS
2008-12-13 03:08:13 ----HD---- C:WINDOWSinf
2008-12-13 03:08:06 ----A---- C:WINDOWSimsins.BAK
2008-12-13 03:08:01 ----D---- C:WINDOWSsystem32dllcache
2008-12-13 03:07:56 ----D---- C:Program FilesInternet Explorer
2008-12-13 03:07:13 ----HD---- C:WINDOWS$hf_mig$
2008-12-11 21:48:39 ----HD---- C:Program FilesInstallShield Installation Information
2008-12-11 00:57:32 ----D---- C:Program FilesLogitech
2008-12-10 02:13:09 ----D---- C:Program FilesWorld of Warcraft
2008-12-10 00:24:37 ----A---- C:WINDOWSsystem32MRT.exe
2008-12-05 19:22:51 ----D---- C:Program FilesCommon FilesApple
2008-12-04 23:08:13 ----D---- C:Program FilesWindows Live Safety Center
2008-11-30 18:46:16 ----D---- C:Program FilesXfire
2008-11-30 18:38:38 ----D---- C:Documents and SettingsTorsteinApplication DataXfire
2008-11-30 14:21:59 ----D---- C:Program FilesSteam
2008-11-25 18:13:03 ----D---- C:Program FilesCommon Files
2008-11-18 21:28:56 ----D---- C:WINDOWSHelp
2008-11-18 15:33:32 ----A---- C:WINDOWSDFC.INI
2008-11-18 14:29:01 ----D---- C:WINDOWSUI
2008-11-18 01:28:57 ----D---- C:Documents and SettingsAll UsersApplication DataWLInstaller

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2006-07-01 36864]
R1 ASPI32;ASPI32; C:WINDOWSsystem32driversASPI32.sys [2002-07-17 16877]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:WINDOWSSystem32Driversavgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:WINDOWSSystem32Driversavgmfx86.sys [2008-07-12 26824]
R1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:WINDOWSsystem32driversSCDEmu.sys [2008-07-07 56108]
R2 AvgTdiX;AVG Free8 Network Redirector; C:WINDOWSSystem32Driversavgtdix.sys [2008-07-12 76040]
R2 TBPanel;TBPanel; C:WINDOWSsystem32driversTBPanel.sys [2007-03-16 12256]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-08-07 93952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:WINDOWSsystem32DRIVERShamachi.sys [2008-10-13 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-14 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driverslvusbsta.sys [2005-05-27 22016]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2008-04-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:WINDOWSsystem32DRIVERSASACPI.sys [2006-02-26 5810]
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2008-01-08 7434336]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-07-11 20480]
R3 QCMerced;Logitech QuickCam Communicate; C:WINDOWSsystem32DRIVERSLVCM.sys [2005-05-27 1317152]
R3 SenFiltService;SenFilt Service; C:WINDOWSsystem32driversSenfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-14 17152]
R4 INO_FLPY;INO_FLPY; C:WINDOWSsystem32Driversino_flpy.sys []
R4 INO_FLTR;INO_FLTR; ??C:WINDOWSsystem32Driversino_fltr.sys []
S3 ah1rumy3;ah1rumy3; C:WINDOWSsystem32driversah1rumy3.sys []
S3 BT;Bluetooth PAN Network Adapter; C:WINDOWSsystem32DRIVERSbtnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:WINDOWSSystem32Driversbtcusb.sys []
S3 Cardex;Cardex; ??C:WINDOWSsystem32driversTBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-14 10880]
S3 nvsmu;nvsmu; C:WINDOWSsystem32DRIVERSnvsmu.sys [2006-11-14 11648]
S3 scrcap;scrcap; C:WINDOWSsystem32DRIVERSscrcap.sys [2006-12-27 9006]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:WINDOWSSystem32Driversusbaapl.sys [2008-10-01 32000]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2008-04-14 121984]
S3 VComm;Virtual Serial port driver; C:WINDOWSsystem32DRIVERSVComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:WINDOWSSystem32DriversVcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:WINDOWSsystem32driversVHIDMini.sys []
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:Program FilesLavasoftAd-Awareaawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:PROGRA~1AVGAVG8avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:PROGRA~1AVGAVG8avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:Program FilesBonjourmDNSResponder.exe [2008-08-29 238888]
R2 ForcewareWebInterface;Forceware Web Interface; C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe [2006-04-03 20543]
R2 iGateway;iTechnology iGateway 4.2; C:Program FilesCASharedComponentsiTechnologyigateway.exe [2007-02-05 106496]
R2 nSvcIp;ForceWare IP service; C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2008-01-08 155716]
R2 PnkBstrA;PnkBstrA; C:WINDOWSsystem32PnkBstrA.exe [2008-10-02 66872]
R2 PnkBstrB;PnkBstrB; C:WINDOWSsystem32PnkBstrB.exe [2008-12-13 202040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:Program FilesiPodbiniPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:Program FilesWindows LiveMessengerusnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-05-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 WLSetupSvc;Windows Live Setup Service; C:Program FilesWindows LiveinstallerWLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Merged posts. ~ OB

Edited by Orange Blossom, 14 December 2008 - 05:15 PM.




#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:00 PM

Posted 21 December 2008 - 04:12 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 27 December 2008 - 01:26 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



