cant get rid of "Antivirus soft"

View previous topic View next topic Go down

cant get rid of "Antivirus soft"

Post by Haag on Thu Feb 25, 2010 9:59 pm

Earlier today my computer started to play tricks with me. It said my old antivirus was out of date,
and another anti-virus program i never heard of started poping up. The Antivirus Soft.
It tells me that all files on my computer are "infected", They come as a "windows seucurity alert"
and wont let me run any files or programs except mozilla and internet explorer.
It keeps spamming porn and other stuff in my web browser. I will however let me open
files the first seconds after rebooting windows, thats how i have been able to run the programs at all.
It have taken some time... I started of trying the "Malwarebytes Anti-Malware" but with no result.
Here is the log-file you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:01, on 2010-02-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Sync\FreeAgentService.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Eset\nod32krn.exe
C:\Program\Delade filer\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\Eset\nod32kui.exe
D:\Program\PowerDVD\PDVDServ.exe
C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe
C:\Program\FreeAgent Status\StxMenuMgr.exe
C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq\lmirsftav.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Fredrik\Skrivbord\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] D:\Program\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ckpukqrj] C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq\lmirsftav.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [thunk date] C:\DOCUME~1\Fredrik\APPLIC~1\HECKST~1\Savedvdmulti.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ckpukqrj] C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq\lmirsftav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program\Delade filer\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7554 bytes

Thank you for your time.

//Fredrik Haag

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Belahzur on Thu Feb 25, 2010 10:52 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O4 - HKLM\..\Run: [ckpukqrj] C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq\lmirsftav.exe
    O4 - HKCU\..\Run: [thunk date] C:\DOCUME~1\Fredrik\APPLIC~1\HECKST~1\Savedvdmulti.exe
    O4 - HKCU\..\Run: [ckpukqrj] C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq\lmirsftav.exe



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Haag on Fri Feb 26, 2010 9:11 am

It seems to be working as it should, Thank you very much. I really apriciate your help and fast responses. Saved my day!

Best Regards

//Fredrik

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Belahzur on Fri Feb 26, 2010 11:23 pm

Please post the MBAM log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Haag on Sat Feb 27, 2010 10:17 am

Malwarebytes' Anti-Malware 1.44
Databasversion: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2010-02-26 01:17:06
mbam-log-2010-02-26 (01-17-06).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 108790
Förfluten tid: 7 minute(s), 18 second(s)

Infekterade minnesprocesser: 1
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
C:\Documents and Settings\Fredrik\Skrivbord\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\Documents and Settings\Fredrik\Skrivbord\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Belahzur on Sat Feb 27, 2010 8:16 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Haag on Sat Feb 27, 2010 10:17 pm

OTL logfile created on: 2010-02-27 23:13:43 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Fredrik\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 29,99 Gb Total Space | 6,99 Gb Free Space | 23,29% Space Free | Partition Type: NTFS
Drive D: | 202,89 Gb Total Space | 92,21 Gb Free Space | 45,45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,64 Gb Total Space | 149,78 Gb Free Space | 32,17% Space Free | Partition Type: FAT32

Computer Name: HEED-FD4BBDB1DB
Current User Name: Fredrik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-27 23:13:08 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fredrik\Skrivbord\OTL.exe
PRC - [2010-02-18 23:27:49 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2010-02-14 02:53:52 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program\UltraMon\UltraMonTaskbar.exe
PRC - [2010-02-14 02:53:28 | 000,492,544 | ---- | M] (Realtime Soft Ltd) -- C:\Program\UltraMon\UltraMon.exe
PRC - [2010-02-03 09:48:45 | 002,890,576 | ---- | M] (Spotify AB) -- D:\Program\Spotify\spotify.exe
PRC - [2009-11-25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program\Delade filer\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009-11-20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-10-30 12:28:54 | 000,135,592 | ---- | M] () -- D:\Program\VLC\vlc.exe
PRC - [2009-07-28 01:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-05-01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program\Sync\FreeAgentService.exe
PRC - [2009-05-01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program\FreeAgent Status\stxmenumgr.exe
PRC - [2009-02-06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Contacts\wlcomm.exe
PRC - [2009-01-08 11:23:04 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe
PRC - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe
PRC - [2008-09-05 23:30:02 | 000,950,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008-04-14 17:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-07-06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) -- C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007-03-12 12:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-03-12 12:49:46 | 000,271,920 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe
PRC - [2007-03-12 12:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
PRC - [2007-02-25 21:32:32 | 000,950,664 | ---- | M] (Eset ) -- C:\Program\ESET\nod32kui.exe
PRC - [2007-02-25 21:32:32 | 000,549,256 | ---- | M] (Eset ) -- C:\Program\ESET\nod32krn.exe
PRC - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004-10-14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\Core\smax4pnp.exe
PRC - [2003-10-31 18:42:40 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- D:\Program\PowerDVD\PDVDServ.exe
PRC - [2003-06-19 19:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010-02-27 23:13:08 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fredrik\Skrivbord\OTL.exe
MOD - [2010-02-14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program\UltraMon\RTSUltraMonHook.dll
MOD - [2010-02-14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program\UltraMon\UltraMonResButtons.dll
MOD - [2009-08-13 14:56:33 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008-04-14 17:04:43 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-11-25 15:42:18 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program\Delade filer\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009-11-20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009-06-05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-06-05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-05-01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009-01-08 11:23:04 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-01-07 00:51:37 | 000,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-12-12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007-07-06 13:02:26 | 000,561,152 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007-03-14 18:19:10 | 000,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007-03-12 12:49:46 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-02-25 21:32:32 | 000,549,256 | ---- | M] (Eset ) [Auto | Running] -- C:\Program\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2005-11-14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003-07-28 16:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-06-19 19:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009-11-21 03:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-16 16:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009-08-26 12:45:10 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009-06-05 10:42:38 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-03-19 15:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008-11-14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program\Delade filer\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007-11-13 11:25:56 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-30 07:57:56 | 000,023,040 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nordecr.sys -- (TdsNordecr)
DRV - [2007-06-04 20:59:50 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\Ultra.dll -- (ultra)
DRV - [2007-05-16 01:30:37 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-03-08 00:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-02-25 22:04:07 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007-02-25 21:32:32 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2007-02-25 21:32:32 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2007-01-15 17:18:30 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2006-11-30 13:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006-11-30 13:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex)
DRV - [2006-11-30 13:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006-11-30 13:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006-11-30 13:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006-11-30 13:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006-11-30 13:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006-08-28 13:23:06 | 000,090,768 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26unic.sys -- (se26unic) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM)
DRV - [2006-08-28 13:23:00 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26obex.sys -- (SE26obex)
DRV - [2006-08-28 13:22:58 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26nd5.sys -- (se26nd5) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
DRV - [2006-08-28 13:22:56 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mgmt.sys -- (SE26mgmt) Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM)
DRV - [2006-08-28 13:22:52 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdm.sys -- (SE26mdm)
DRV - [2006-08-28 13:22:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26mdfl.sys -- (SE26mdfl)
DRV - [2006-05-10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-05-01 11:48:04 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE26bus.sys -- (SE26bus) Sony Ericsson Device 038 Driver driver (WDM)
DRV - [2006-04-20 15:20:22 | 000,019,456 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2ktunr.sys -- (tv2ktunr)
DRV - [2006-04-20 14:50:34 | 000,059,776 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kvcap.sys -- (BT848)
DRV - [2006-04-20 14:49:26 | 000,009,600 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wf2kXbar.sys -- (Tv2kXbar)
DRV - [2005-03-22 11:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004-09-17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-09-28 15:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-02-23 00:35:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-02-18 23:27:55 | 000,000,000 | ---D | M]

[2008-11-16 10:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fredrik\Application Data\Mozilla\Extensions
[2010-02-27 17:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Profiles\wf88sm63.default\extensions
[2010-02-11 00:58:55 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Profiles\wf88sm63.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010-02-08 22:28:26 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Profiles\wf88sm63.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-02-08 22:28:25 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Profiles\wf88sm63.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010-02-27 14:01:10 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2009-04-30 17:01:17 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2009-04-30 17:01:17 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2009-04-30 17:01:17 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2009-04-30 17:01:17 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2009-04-30 17:01:17 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2007-09-14 14:32:41 | 000,004,078 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program\Delade filer\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nod32kui] C:\Program\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] D:\Program\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DisplayFusion] C:\Program\DisplayFusion\DisplayFusion.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\McAfee Security Scan.lnk = C:\Program\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\MultiMon Taskbar.lnk = C:\Program\MMTaskbar\MultiMon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Firefox-bakgrund.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fredrik\Application Data\Mozilla\Firefox\Firefox-bakgrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-02-25 21:04:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5bdb1b07-fd09-11de-b4ce-001143aa8e9b}\Shell\AutoRun\command - "" = L:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-27 23:12:51 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fredrik\Skrivbord\OTL.exe
[2010-02-26 15:48:20 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Realtime Soft
[2010-02-26 15:48:18 | 000,000,000 | ---D | C] -- C:\Program\UltraMon
[2010-02-26 15:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Realtime Soft
[2010-02-26 15:33:10 | 000,000,000 | ---D | C] -- C:\Program\MMTaskbar
[2010-02-26 15:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Application Data\Realtime Soft
[2010-02-26 15:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Skrivbord\Aktuellt
[2010-02-26 10:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010-02-26 10:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Application Data\Office Genuine Advantage
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010-02-25 19:03:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010-02-25 17:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Application Data\Malwarebytes
[2010-02-25 17:03:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-25 17:03:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-25 17:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-02-25 17:03:51 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2010-02-25 14:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq
[2010-02-22 20:48:19 | 000,000,000 | ---D | C] -- C:\Program\Seagate Manager Setup Files
[2010-02-22 20:47:34 | 000,000,000 | ---D | C] -- C:\Program\Backup
[2010-02-22 20:47:28 | 000,000,000 | ---D | C] -- C:\Program\Sync
[2010-02-22 20:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-02-22 20:47:26 | 000,000,000 | ---D | C] -- C:\Program\ManagerApp
[2010-02-22 20:47:26 | 000,000,000 | ---D | C] -- C:\Program\iconfiles
[2010-02-22 20:47:26 | 000,000,000 | ---D | C] -- C:\Program\FreeAgent Status
[2010-02-22 20:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\Downloaded Installations
[2010-02-22 20:46:01 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010-02-16 10:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Application Data\Facebook
[2010-02-14 02:52:34 | 000,240,128 | ---- | C] (Realtime Soft Ltd) -- C:\WINDOWS\UltraMon.scr
[2010-02-03 09:53:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\StartupCPL
[2009-08-04 11:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft
[2008-07-23 14:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Apple
[2007-03-02 20:16:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007-02-25 21:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft
[2007-02-25 21:04:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-02-27 23:13:08 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fredrik\Skrivbord\OTL.exe
[2010-02-27 23:00:00 | 000,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\AF6D4B94918AFF0C.job
[2010-02-27 21:08:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-27 18:17:09 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-02-27 03:21:18 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Fredrik\NTUSER.DAT
[2010-02-26 15:48:20 | 000,001,934 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\UltraMon.lnk
[2010-02-26 15:33:11 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\MultiMon Taskbar.lnk
[2010-02-26 15:20:16 | 002,647,552 | ---- | M] () -- C:\Documents and Settings\Fredrik\Skrivbord\UltraMon_3.0.10_en_x32.msi
[2010-02-26 15:11:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Fredrik\Skrivbord\Den här datorn.lnk
[2010-02-26 10:17:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-26 10:04:01 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-02-26 10:03:57 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-02-26 01:18:42 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\NKNKYZ.job
[2010-02-26 01:18:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-26 01:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-25 17:20:53 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-02-25 16:53:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fredrik\ignore.lst
[2010-02-25 16:39:20 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Fredrik\ntuser.ini
[2010-02-25 13:54:50 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\nusrmgru.dll
[2010-02-20 16:53:52 | 000,206,336 | ---- | M] () -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-19 17:51:00 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Skype.lnk
[2010-02-14 02:52:34 | 000,240,128 | ---- | M] (Realtime Soft Ltd) -- C:\WINDOWS\UltraMon.scr
[2010-02-10 19:07:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-09 22:45:19 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Fredrik\Skrivbord\Regel 23,24,25.doc
[2010-02-01 21:58:18 | 001,142,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-01 21:58:18 | 000,475,622 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-02-01 21:58:18 | 000,474,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-02-01 21:58:18 | 000,099,082 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-02-01 21:58:18 | 000,084,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-02-26 15:48:20 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\UltraMon.lnk
[2010-02-26 15:33:11 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\MultiMon Taskbar.lnk
[2010-02-26 15:19:20 | 002,647,552 | ---- | C] () -- C:\Documents and Settings\Fredrik\Skrivbord\UltraMon_3.0.10_en_x32.msi
[2010-02-26 15:11:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Fredrik\Skrivbord\Den här datorn.lnk
[2010-02-25 17:03:59 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2010-02-25 13:54:51 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\NKNKYZ.job
[2010-02-25 13:54:50 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\nusrmgru.dll
[2010-02-09 20:36:17 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Fredrik\Skrivbord\Regel 23,24,25.doc
[2010-02-03 09:54:17 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2009-12-18 19:46:30 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009-12-18 19:46:29 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009-12-18 19:46:29 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009-09-13 14:59:01 | 000,000,255 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-08-11 23:46:36 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-11 23:46:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-08-11 23:46:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-11 23:46:25 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-11 23:46:25 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-11 23:46:11 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-08-11 23:46:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-03-24 15:44:13 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009-03-24 15:44:13 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009-03-02 22:13:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-03-02 22:13:58 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-03-02 22:13:58 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008-06-18 17:02:05 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2008-06-18 17:01:32 | 000,000,034 | ---- | C] () -- C:\WINDOWS\trafik.ini
[2007-06-04 20:59:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
[2007-06-04 14:48:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-05-16 01:30:36 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-05-05 17:06:24 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2007-04-17 18:22:04 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007-04-09 22:31:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SW_Win2000X48.DLL
[2007-04-09 22:30:22 | 000,009,182 | ---- | C] () -- C:\WINDOWS\CI_SearchHistory.INI
[2007-02-27 15:24:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\fusioncache.dat
[2007-02-26 23:33:24 | 000,206,336 | ---- | C] () -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-02-25 22:12:49 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-02-25 22:04:45 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007-02-25 21:42:55 | 000,001,242 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007-02-25 21:32:47 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2005-11-11 06:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-11-11 06:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003-04-08 07:35:24 | 000,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Haag on Sat Feb 27, 2010 10:18 pm

OTL Extras logfile created on: 2010-02-27 23:13:43 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Fredrik\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 29,99 Gb Total Space | 6,99 Gb Free Space | 23,29% Space Free | Partition Type: NTFS
Drive D: | 202,89 Gb Total Space | 92,21 Gb Free Space | 45,45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,64 Gb Total Space | 149,78 Gb Free Space | 32,17% Space Free | Partition Type: FAT32

Computer Name: HEED-FD4BBDB1DB
Current User Name: Fredrik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13415:TCP" = 13415:TCP:*:Enabled:BitComet 13415 TCP
"13415:UDP" = 13415:UDP:*:Enabled:BitComet 13415 UDP
"25103:TCP" = 25103:TCP:*:Enabled:BitComet 25103 TCP
"25103:UDP" = 25103:UDP:*:Enabled:BitComet 25103 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"17788:TCP" = 17788:TCP:*:Enabled:BitComet 17788 TCP
"17788:UDP" = 17788:UDP:*:Enabled:BitComet 17788 UDP
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"9940:TCP" = 9940:TCP:*:Enabled:BitComet 9940 TCP
"9940:UDP" = 9940:UDP:*:Enabled:BitComet 9940 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Wow\World of Warcraft\WoW-1.12.0-enGB-downloader.exe" = D:\Wow\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Wow\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = D:\Wow\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"D:\Wow\World of Warcraft\WoW-2.0.3-enGB-downloader.exe" = D:\Wow\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Wow\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe" = D:\Wow\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Wow\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe" = D:\Wow\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Program\BitComet\BitComet.exe" = D:\Program\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- ([You must be registered and logged in to see this link.]
"D:\Program\mIRC\mirc.exe" = D:\Program\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"D:\Spel\Wow\World of Warcraft\WoW-2.0.3-enGB-downloader.exe" = D:\Spel\Wow\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Spel\Wow\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe" = D:\Spel\Wow\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"D:\Spel\Wow\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe" = D:\Spel\Wow\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Documents and Settings\Fredrik\Skrivbord\utorrent.exe" = C:\Documents and Settings\Fredrik\Skrivbord\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\Spel\Wow\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe" = D:\Spel\Wow\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Spel\StepMania CVS\Program\StepMania.exe" = D:\Spel\StepMania CVS\Program\StepMania.exe:*:Enabled:StepMania -- File not found
"D:\Spel\Wow\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe" = D:\Spel\Wow\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"D:\Program\LimeWire\LimeWire.exe" = D:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program\Mozilla Firefox\firefox.exe" = C:\Program\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Spel\Football Manager\fm.exe" = D:\Spel\Football Manager\fm.exe:*:Enabled:Football Manager 2007 -- File not found
"C:\Program\Delade filer\System\netspool.exe" = C:\Program\Delade filer\System\netspool.exe:*:Enabled:RegMonitor -- File not found
"D:\Program\Utorrent\utorrent.exe" = D:\Program\Utorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"D:\Spel\Steam\Steam.exe" = D:\Spel\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"D:\Spel\Steam\steamapps\belmacor@hotmail.com\counter-strike\hl.exe" = D:\Spel\Steam\steamapps\belmacor@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spel\Warcraft\Warcraft III\Warcraft III.exe" = D:\Spel\Warcraft\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"D:\Spel\Warcraft\Warcraft III\Warcraft III\Warcraft III.exe" = D:\Spel\Warcraft\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"D:\Spel\Warcraft\Wow\World of Warcraft\BackgroundDownloader.exe" = D:\Spel\Warcraft\Wow\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Spel\RF Online\RF.exe" = D:\Spel\RF Online\RF.exe:*:Enabled:RFLauncher -- File not found
"C:\Documents and Settings\Fredrik\Lokala inställningar\Temp\Blizzard Launcher Temporary - 7e706f28\Launcher.exe" = C:\Documents and Settings\Fredrik\Lokala inställningar\Temp\Blizzard Launcher Temporary - 7e706f28\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program\DNA\btdna.exe" = C:\Program\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"D:\Program\Spotify\spotify.exe" = D:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program\Bonjour\mDNSResponder.exe" = C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"D:\Program\Itunes\iTunes.exe" = D:\Program\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Spel\Warcraft\Warcraft III\Warcraft III\Warcraft III\Warcraft III.exe" = D:\Spel\Warcraft\Warcraft III\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program\MSN Messenger\livecall.exe" = C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"D:\Program\vent3.0\Ventrilo.exe" = D:\Program\vent3.0\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Spel\HoN\hon.exe" = D:\Spel\HoN\hon.exe:*:Enabled:hon -- (S2 Games)
"C:\Program\Skype\Plugin Manager\skypePM.exe" = C:\Program\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"D:\Program\twix\TViXNetShare.exe" = D:\Program\twix\TViXNetShare.exe:*:Enabled:TViXNetShare -- (DVICO)
"D:\Spel\Warcraft\Wow\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = D:\Spel\Warcraft\Wow\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\Spel\Warcraft\Wow\World of Warcraft\Launcher.exe" = D:\Spel\Warcraft\Wow\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program\Skype\Phone\Skype.exe" = C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}" = LastChaos
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{17014473-0098-4DF0-827D-7D582697C78C}" = Microsoft .NET Framework 2.0 Language Pack - SVE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43FFE159-3199-4188-A1CD-629166AD1053}" = Nero 7 Ultra Edition
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8409B1FB-9B55-452A-8CDC-4AE9D0F97FB4}" = TViX NetShare 2.10
"{9011041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9596C29E-1DA9-4063-848A-024515E618BE}" = TMNT
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1053-7B44-A91000000001}" = Adobe Reader 9.1 - Svenska
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD9A35D4-8A81-4188-98AF-14D759083FB4}" = Nordea NCR1 Installationspaket
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5D36DAE-B5F1-4B86-AFC1-32B7DF7E5EF7}" = Sony Vegas Movie Studio Platinum 7.0a
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{E31C348B-63A9-4CBF-8D7F-D932ABB63244}" = Ad-Aware 2007
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AviSynth" = AviSynth 2.5
"BitComet" = BitComet 0.70
"Bonniers Trafikskola 4.0" = Bonniers Trafikskola 4.0
"Convert Image_is1" = Convert Image
"Diablo II" = Diablo II
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"Glosläxa_is1" = Glosläxa 1.6.20
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{9596C29E-1DA9-4063-848A-024515E618BE}" = TMNT
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5
"Körkortstest 2" = Körkortstest 2
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - SVE" = Microsoft .NET Framework 2.0 Language Pack - SVE
"MiniTuner_is1" = MiniTuner 1.3
"mIRC" = mIRC
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiMon TaskBar_is1" = MultiMon TaskBar 2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = NOD32 antivirus system
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Personal" = Personal 4.10
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Serious Samurize" = Serious Samurize
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spotify" = Spotify
"StepMania" = StepMania (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"TPTEST5_is1" = TPTEST 5.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"VentriloMIX" = VentriloMIX
"Videora iPod Converter" = Videora iPod Converter 4.08
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"LOUD CHIC MEAL" = CiD Help
"Steam App 10" = Counter-Strike
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-02-26 14:00:56 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 11935
Description = Product: Microsoft .NET Framework 1.1 -- Error 1935.An error occurred
during the installation of assembly 'System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573"'.
Please refer to Help and Support for more information. HRESULT: 0x8002802F. assembly
interface: , function: CreateAssemblyCache, component: {7DD61C22-61FD-40E9-9EEA-98D7DA3BAAA2}

Error - 2010-02-26 14:00:57 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Uppdateringen {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
kunde inte installeras. Felkod: 1603. Ytterligare information finns i loggfilen
C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 2010-02-26 14:00:59 | Computer Name = HEED-FD4BBDB1DB | Source = NativeWrapper | ID = 5000
Description =

Error - 2010-02-26 14:03:20 | Computer Name = HEED-FD4BBDB1DB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1053, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2010-02-27 14:00:56 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2908. {0548FC4E-9256-4341-AD34-27D534CDE619}

Error - 2010-02-27 14:00:56 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2908. {7DD61C22-61FD-40E9-9EEA-98D7DA3BAAA2}

Error - 2010-02-27 14:00:57 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 11935
Description = Product: Microsoft .NET Framework 1.1 -- Error 1935.An error occurred
during the installation of assembly 'System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573"'.
Please refer to Help and Support for more information. HRESULT: 0x8002802F. assembly
interface: , function: CreateAssemblyCache, component: {7DD61C22-61FD-40E9-9EEA-98D7DA3BAAA2}

Error - 2010-02-27 14:00:58 | Computer Name = HEED-FD4BBDB1DB | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Uppdateringen {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
kunde inte installeras. Felkod: 1603. Ytterligare information finns i loggfilen
C:\WINDOWS\TEMP\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log.

Error - 2010-02-27 14:01:00 | Computer Name = HEED-FD4BBDB1DB | Source = NativeWrapper | ID = 5000
Description =

Error - 2010-02-27 14:03:12 | Computer Name = HEED-FD4BBDB1DB | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb953300,
P2 1053, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 2010-02-25 14:00:55 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 1.1
Service Pack 1 för Windows 2000, Windows XP, Windows Vista, Windows Server 2008,
Windows 7 och Windows Server 2008 R2 (KB953297).

Error - 2010-02-25 14:04:18 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 2.0
Service Pack 1 för Windows 2000, Windows Server 2003 och Windows XP (KB953300).

Error - 2010-02-25 20:18:58 | Computer Name = HEED-FD4BBDB1DB | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: IntelIde

Error - 2010-02-25 20:19:09 | Computer Name = HEED-FD4BBDB1DB | Source = sr | ID = 1
Description = Systemåterställningsfiltret påträffade det oväntade felet 0xC0000001
när filen på volymen HarddiskVolume1 behandlades. Volymen övervakas inte längre.

Error - 2010-02-26 05:05:29 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 1.1
Service Pack 1 för Windows 2000, Windows XP, Windows Vista, Windows Server 2008,
Windows 7 och Windows Server 2008 R2 (KB953297).

Error - 2010-02-26 05:08:22 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 2.0
Service Pack 1 för Windows 2000, Windows Server 2003 och Windows XP (KB953300).

Error - 2010-02-26 14:01:05 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 1.1
Service Pack 1 för Windows 2000, Windows XP, Windows Vista, Windows Server 2008,
Windows 7 och Windows Server 2008 R2 (KB953297).

Error - 2010-02-26 14:03:55 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 2.0
Service Pack 1 för Windows 2000, Windows Server 2003 och Windows XP (KB953300).

Error - 2010-02-27 14:01:06 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 1.1
Service Pack 1 för Windows 2000, Windows XP, Windows Vista, Windows Server 2008,
Windows 7 och Windows Server 2008 R2 (KB953297).

Error - 2010-02-27 14:03:44 | Computer Name = HEED-FD4BBDB1DB | Source = Windows Update Agent | ID = 20
Description = Installationsfel: Det gick inte att installera följande uppdatering
på grund av fel 0x80070643: Säkerhetsuppdatering för Microsoft .NET Framework 2.0
Service Pack 1 för Windows 2000, Windows Server 2003 och Windows XP (KB953300).


< End of report >

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Belahzur on Sun Feb 28, 2010 1:30 am

Hello.

I see that you are running BitComet.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitComet 0.70
    CiD Help
    DNA
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 3
    Java(TM) 6 Update 11

We have 2 infections here, we'll have to deal with one before we kill the other.

The first infection you actually installed you/someone else installed for you because they didn't read what the Messenger Plus installed says.

When you install Messenger Plus, it shows 2 options for installing sponsors, or no sponsers. Someone chose the sponsers, and that's what's caused this.

Download [You must be registered and logged in to see this link.]

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Haag on Sun Feb 28, 2010 8:55 am

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Fredrik ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:202 Go (Free:92 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (Local Disk) - FAT32 - Total:465 Go (Free:149 Go)
J:\ (CD or DVD)
K:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 2010-02-28| 9:49 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\WINDOWS\Tasks\AF6D4B94918AFF0C.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great\Debug Meow.exe
Deleted! - C:\DOCUME~1\Fredrik\LOKALA~1\Temp\StartupCPL
Deleted! - C:\DOCUME~1\Fredrik\Cookies\fredrik@advertstream[1].txt
Deleted! - C:\DOCUME~1\Fredrik\Cookies\fredrik@advertising[1].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soap thunk lies soft
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\soft chic meet great
Deleted! - C:\DOCUME~1\Fredrik\APPLIC~1\HECKST~1
Deleted! - C:\Program\HECKST~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[2009-07-02|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007-02-25|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[2009-09-29|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2009-11-03|23:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-07-22|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-10-15|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[2007-07-27|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bone atom mfcd license
[2007-08-25|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[2007-07-08|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[2010-02-25|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2009-10-02|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[2009-09-29|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee Security Scan
[2008-11-29|16:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[2009-09-16|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2007-06-04|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[2009-10-17|06:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[2009-07-17|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[2009-12-14|00:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
[2007-02-26|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[2010-02-26|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[2010-02-26|15:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Realtime Soft
[2010-02-22|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagate
[2009-12-21|02:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2007-06-17|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[2009-07-17|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2007-06-17|08:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[2010-02-03|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-02-26|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[2007-02-25|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[0|fil(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte
[31|katalog(er)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\byte ledigt

[2007-02-25|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte
[3|katalog(er)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\byte ledigt

[2007-02-26|14:47] C:\DOCUME~1\Fredrik\APPLIC~1\ACD Systems
[2009-09-20|15:27] C:\DOCUME~1\Fredrik\APPLIC~1\Adobe
[2007-03-06|08:23] C:\DOCUME~1\Fredrik\APPLIC~1\AdobeAUM
[2007-03-06|08:23] C:\DOCUME~1\Fredrik\APPLIC~1\AdobeUM
[2007-06-07|13:24] C:\DOCUME~1\Fredrik\APPLIC~1\Ahead
[2009-11-03|23:37] C:\DOCUME~1\Fredrik\APPLIC~1\Apple Computer
[2007-08-25|15:42] C:\DOCUME~1\Fredrik\APPLIC~1\CyberLink
[2010-02-07|04:42] C:\DOCUME~1\Fredrik\APPLIC~1\DNA
[2010-02-22|23:17] C:\DOCUME~1\Fredrik\APPLIC~1\dvdcss
[2010-02-16|10:49] C:\DOCUME~1\Fredrik\APPLIC~1\Facebook
[2007-02-25|21:16] C:\DOCUME~1\Fredrik\APPLIC~1\Identities
[2007-02-25|21:26] C:\DOCUME~1\Fredrik\APPLIC~1\Infineon
[2009-09-16|20:58] C:\DOCUME~1\Fredrik\APPLIC~1\InstallShield
[2007-03-29|14:38] C:\DOCUME~1\Fredrik\APPLIC~1\Lavasoft
[2007-04-09|22:21] C:\DOCUME~1\Fredrik\APPLIC~1\Leadertech
[2008-02-28|18:57] C:\DOCUME~1\Fredrik\APPLIC~1\Macromedia
[2010-02-25|17:24] C:\DOCUME~1\Fredrik\APPLIC~1\Malwarebytes
[2009-08-11|23:49] C:\DOCUME~1\Fredrik\APPLIC~1\Media Player Classic
[2009-03-30|18:44] C:\DOCUME~1\Fredrik\APPLIC~1\Microsoft
[2009-03-26|16:44] C:\DOCUME~1\Fredrik\APPLIC~1\Mount&Blade
[2008-11-16|10:25] C:\DOCUME~1\Fredrik\APPLIC~1\Mozilla
[2010-02-26|10:17] C:\DOCUME~1\Fredrik\APPLIC~1\Office Genuine Advantage
[2007-02-25|22:27] C:\DOCUME~1\Fredrik\APPLIC~1\OfficeUpdate12
[2009-09-16|20:58] C:\DOCUME~1\Fredrik\APPLIC~1\Personal
[2007-02-28|12:22] C:\DOCUME~1\Fredrik\APPLIC~1\Publish Providers
[2008-04-20|17:51] C:\DOCUME~1\Fredrik\APPLIC~1\Real
[2010-02-26|15:21] C:\DOCUME~1\Fredrik\APPLIC~1\Realtime Soft
[2009-07-16|19:29] C:\DOCUME~1\Fredrik\APPLIC~1\Regensoft
[2007-04-21|22:18] C:\DOCUME~1\Fredrik\APPLIC~1\Roxio
[2010-02-20|21:20] C:\DOCUME~1\Fredrik\APPLIC~1\Skype
[2010-02-20|16:01] C:\DOCUME~1\Fredrik\APPLIC~1\skypePM
[2007-02-28|12:22] C:\DOCUME~1\Fredrik\APPLIC~1\Sony
[2007-06-17|08:27] C:\DOCUME~1\Fredrik\APPLIC~1\Sony Ericsson
[2007-02-27|15:22] C:\DOCUME~1\Fredrik\APPLIC~1\Sony Setup
[2007-05-17|08:18] C:\DOCUME~1\Fredrik\APPLIC~1\Sports Interactive
[2010-02-27|23:11] C:\DOCUME~1\Fredrik\APPLIC~1\Spotify
[2007-06-24|20:23] C:\DOCUME~1\Fredrik\APPLIC~1\Sun
[2007-07-02|17:32] C:\DOCUME~1\Fredrik\APPLIC~1\Teleca
[2009-03-10|21:09] C:\DOCUME~1\Fredrik\APPLIC~1\U3
[2008-08-17|07:34] C:\DOCUME~1\Fredrik\APPLIC~1\uTorrent
[2009-01-07|20:52] C:\DOCUME~1\Fredrik\APPLIC~1\Ventrilo
[2010-02-27|22:26] C:\DOCUME~1\Fredrik\APPLIC~1\vlc
[0|fil(er)] C:\DOCUME~1\Fredrik\APPLIC~1\byte
[44|katalog(er)] C:\DOCUME~1\Fredrik\APPLIC~1\byte ledigt

[2007-03-02|20:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte
[3|katalog(er)] C:\DOCUME~1\LOCALS~1\APPLIC~1\byte ledigt

[2007-02-25|21:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|fil(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte
[3|katalog(er)] C:\DOCUME~1\NETWOR~1\APPLIC~1\byte ledigt

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[2010-02-26 01:18][--ahs----] C:\WINDOWS\tasks\NKNKYZ.job
[2010-02-26 10:03][--a------] C:\WINDOWS\tasks\WGASetup.job
[2010-02-27 18:17][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-02-26 01:18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2001-09-28 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program

[2007-02-25|22:04] C:\Program\ACD Systems
[2009-09-29|10:35] C:\Program\Adobe
[2007-02-25|21:27] C:\Program\Analog Devices
[2009-07-03|17:48] C:\Program\Apple Software Update
[2009-07-16|19:23] C:\Program\AviSynth 2.5
[2010-02-22|20:47] C:\Program\Backup
[2009-07-02|17:00] C:\Program\Bonjour
[2007-02-25|22:03] C:\Program\Broadcom
[2007-02-25|21:02] C:\Program\ComPlus Applications
[2007-08-25|15:41] C:\Program\CyberLink
[2010-02-26|15:48] C:\Program\Delade filer
[2009-07-25|00:14] C:\Program\DivX
[2010-02-03|09:47] C:\Program\DNA
[2009-12-18|19:46] C:\Program\EASEUS
[2008-02-08|13:38] C:\Program\ESET
[2007-02-26|14:55] C:\Program\foxit pdf reader
[2010-02-22|20:47] C:\Program\FreeAgent Status
[2009-01-31|10:14] C:\Program\Google
[2010-02-22|20:47] C:\Program\iconfiles
[2010-02-22|20:48] C:\Program\InstallShield Installation Information
[2007-02-25|21:18] C:\Program\Intel
[2010-01-24|19:57] C:\Program\Internet Explorer
[2009-07-02|17:08] C:\Program\iPod
[2009-01-08|11:23] C:\Program\Java
[2007-07-08|23:43] C:\Program\Lavasoft
[2010-02-25|17:20] C:\Program\Malwarebytes' Anti-Malware
[2010-02-22|20:47] C:\Program\ManagerApp
[2009-09-29|10:28] C:\Program\McAfee Security Scan
[2009-08-04|11:57] C:\Program\Messenger
[2009-09-16|15:42] C:\Program\Microsoft
[2007-02-25|21:05] C:\Program\microsoft frontpage
[2009-03-31|15:09] C:\Program\Microsoft Office
[2007-02-25|22:09] C:\Program\Microsoft Visual Studio
[2007-02-25|22:10] C:\Program\Microsoft Works
[2007-02-25|22:11] C:\Program\Microsoft.NET
[2010-02-26|15:33] C:\Program\MMTaskbar
[2009-08-04|09:03] C:\Program\Movie Maker
[2010-02-28|09:41] C:\Program\Mozilla Firefox
[2009-08-22|18:21] C:\Program\MSBuild
[2009-03-31|15:09] C:\Program\MSECache
[2007-02-25|21:01] C:\Program\MSN Gaming Zone
[2007-04-22|18:00] C:\Program\MSXML 4.0
[2007-06-04|08:19] C:\Program\Nero
[2009-08-04|08:59] C:\Program\NetMeeting
[2009-09-16|20:58] C:\Program\Nordea NCR1 Installationspaket
[2009-10-17|06:57] C:\Program\Norton Security Scan
[2009-12-14|00:03] C:\Program\NVIDIA Corporation
[2007-02-25|21:03] C:\Program\Onlinetj„nster
[2009-08-13|18:54] C:\Program\Outlook Express
[2009-03-24|15:41] C:\Program\Outspark
[2009-09-16|20:58] C:\Program\Personal
[2009-08-11|23:04] C:\Program\Picasa2
[2007-02-25|21:45] C:\Program\PowerQuest
[2009-07-02|17:06] C:\Program\QuickTime
[2009-08-22|18:21] C:\Program\Reference Assemblies
[2009-12-18|19:18] C:\Program\Registry Mechanic
[2007-04-21|22:12] C:\Program\Roxio
[2010-02-22|20:50] C:\Program\Seagate Manager Setup Files
[2009-12-21|02:14] C:\Program\Skype
[2007-06-17|08:21] C:\Program\Sony Ericsson
[2007-10-29|20:53] C:\Program\Strmedia
[2010-02-22|20:47] C:\Program\Sync
[2007-02-25|21:43] C:\Program\totalcmd
[2010-02-26|15:48] C:\Program\UltraMon
[2007-02-25|21:16] C:\Program\Uninstall Information
[2008-11-29|16:00] C:\Program\Western Digital
[2008-11-29|15:58] C:\Program\Western Digital Technologies
[2009-09-16|15:42] C:\Program\Windows Live
[2010-02-07|10:16] C:\Program\Windows Live Safety Center
[2009-09-16|15:41] C:\Program\Windows Live SkyDrive
[2007-12-23|20:10] C:\Program\Windows Media Connect 2
[2009-08-04|08:59] C:\Program\Windows Media Player
[2009-08-04|08:59] C:\Program\Windows NT
[2007-02-25|21:03] C:\Program\WindowsUpdate
[2007-02-27|15:27] C:\Program\Vstplugins
[2007-02-25|21:05] C:\Program\xerox
[0|fil(er)] C:\Program\byte
[78|katalog(er)] C:\Program\byte ledigt

--------------------\\ Listing Folders in C:\Program\Delade filer

[2007-02-25|22:04] C:\Program\Delade filer\ACD Systems
[2009-09-29|10:36] C:\Program\Delade filer\Adobe
[2007-06-04|08:21] C:\Program\Delade filer\Ahead
[2009-07-02|17:08] C:\Program\Delade filer\Apple
[2010-01-02|19:50] C:\Program\Delade filer\Blizzard Entertainment
[2007-02-25|22:10] C:\Program\Delade filer\DESIGNER
[2007-05-17|08:04] C:\Program\Delade filer\InstallShield
[2007-04-09|19:40] C:\Program\Delade filer\Java
[2009-09-17|18:05] C:\Program\Delade filer\Microsoft Shared
[2007-02-25|21:03] C:\Program\Delade filer\MSSoap
[2007-02-25|21:54] C:\Program\Delade filer\ODBC
[2009-12-18|19:16] C:\Program\Delade filer\PC Tools
[2007-05-04|17:43] C:\Program\Delade filer\Real
[2010-02-26|15:48] C:\Program\Delade filer\Realtime Soft
[2007-06-05|07:33] C:\Program\Delade filer\Roxio Shared
[2007-02-25|21:03] C:\Program\Delade filer\Services
[2009-12-21|02:14] C:\Program\Delade filer\Skype
[2007-06-17|08:21] C:\Program\Delade filer\Sony Ericsson Shared
[2007-02-25|21:54] C:\Program\Delade filer\SpeechEngines
[2009-10-11|17:01] C:\Program\Delade filer\Symantec Shared
[2009-08-04|11:57] C:\Program\Delade filer\System
[2007-06-17|08:22] C:\Program\Delade filer\Teleca Shared
[2007-02-26|14:49] C:\Program\Delade filer\Ulead Systems
[2009-09-16|15:36] C:\Program\Delade filer\Windows Live
[2009-09-13|14:57] C:\Program\Delade filer\Wise Installation Wizard
[2007-05-04|17:43] C:\Program\Delade filer\xing shared
[0|fil(er)] C:\Program\Delade filer\byte
[28|katalog(er)] C:\Program\Delade filer\byte ledigt

--------------------\\ Process

( 53 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

Haag
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-02-25
OS OS : Windows XP
Points Points : 24838
# Likes # Likes : 0

View user profile

Back to top Go down

Re: cant get rid of "Antivirus soft"

Post by Belahzur on Sun Feb 28, 2010 11:57 pm

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    [2010-02-25 14:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fredrik\Lokala inställningar\Application Data\pjveuq

    :files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\bone atom mfcd license
    C:\WINDOWS\tasks\NKNKYZ.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum