
Thread: Spyware or malware... not sure

  1. #11
    Junior Member, Join Date: Jan 2009, Posts: 22

    Ok ... I checked for the bearshare folder and that ESET folder in C:\. The bearshare folder has 3 files in it (2 of them are error logs of some kind, guessing from the word "ERROR" in the name) and the ESET folder isn't there. I did use NOD32 like 3-4 months ago ... but I got rid of it. I honestly have no idea how that stuff can still be there. Anyway, maybe I did something wrong while making those logs and stuff ... here are some new ones. Oh, and this time when I ran RSIT it opened both .txt's

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Hrvoje at 2009-05-31 17:35:30
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 44 GB (44%) free of 100 GB
    Total RAM: 3582 MB (85% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:35, on 2009-05-31
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\JMRaidSetup.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
    C:\Documents and Settings\Hrvoje\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Hrvoje.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1232834346328
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6900 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
    IDMIEHlprObj Class

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-20 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-20 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
    "36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-20 148888]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-02-10 1937408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-02-10 1937408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UTSCSI"=2

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Documents and Settings\Hrvoje\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863
    "NoInstrumentation"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
    "C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
    "C:\Program Files\Runes of Magic\Runes of Magic.exe"="C:\Program Files\Runes of Magic\Runes of Magic.exe:*:Enabled:Runes of Magic"
    "C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\NCsoft\Exteel\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
    "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
    "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

    ======File associations======

    .js - edit -
    .js - open -
    .txt - open -

    ======List of files/folders created in the last 1 months======

    2009-05-31 14:55:22 ----D---- C:\WINDOWS\LastGood
    2009-05-31 14:52:06 ----D---- C:\Program Files\Microsoft Games
    2009-05-31 10:18:57 ----D---- C:\Program Files\GeoGebra
    2009-05-30 12:01:49 ----SHD---- C:\RECYCLER
    2009-05-30 12:01:46 ----D---- C:\AeriaGames
    2009-05-30 11:59:44 ----A---- C:\ComboFix.txt
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\zip.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\SWSC.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\SWREG.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\sed.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\PEV.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-05-30 11:54:28 ----A---- C:\WINDOWS\grep.exe
    2009-05-30 11:54:16 ----SD---- C:\ComboFix
    2009-05-29 13:38:16 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2009-05-29 13:38:16 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2009-05-29 13:38:16 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2009-05-29 13:38:15 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2009-05-29 13:38:15 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2009-05-29 13:38:15 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2009-05-29 13:38:15 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2009-05-29 13:37:32 ----D---- C:\WINDOWS\AC54E5443E42443CA91DA00A6974C592.TMP
    2009-05-29 13:26:06 ----D---- C:\Program Files\Codemasters
    2009-05-28 14:58:50 ----D---- C:\Games
    2009-05-27 22:43:05 ----D---- C:\dokumente und einstellungen
    2009-05-26 13:12:20 ----D---- C:\Program Files\DAEMON Tools Lite
    2009-05-25 12:48:14 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
    2009-05-25 12:48:09 ----D---- C:\Program Files\Bethesda Softworks
    2009-05-25 12:45:50 ----D---- C:\WINDOWS\system32\xlive
    2009-05-25 12:42:15 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    2009-05-25 12:40:00 ----D---- C:\Documents and Settings\Hrvoje\Application Data\DAEMON Tools Lite
    2009-05-24 18:15:28 ----D---- C:\Bioshock
    2009-05-23 11:49:20 ----D---- C:\Program Files\GIGABYTE
    2009-05-22 12:48:11 ----D---- C:\WINDOWS\nview
    2009-05-22 12:48:11 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2009-05-22 12:47:25 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
    2009-05-20 15:32:27 ----D---- C:\Program Files\JavaFX
    2009-05-20 15:32:02 ----D---- C:\Program Files\Sun
    2009-05-20 14:28:24 ----D---- C:\Documents and Settings\Hrvoje\Application Data\The Path
    2009-05-12 19:47:28 ----D---- C:\Program Files\PopCap Games
    2009-05-09 11:27:21 ----D---- C:\Program Files\SystemRequirementsLab
    2009-05-09 11:27:18 ----D---- C:\Documents and Settings\Hrvoje\Application Data\SystemRequirementsLab
    2009-05-07 11:58:30 ----D---- C:\Program Files\Avira
    2009-05-07 11:58:30 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

    ======List of files/folders modified in the last 1 months======

    2009-05-31 17:35:30 ----D---- C:\rsit
    2009-05-31 17:35:21 ----D---- C:\WINDOWS\Prefetch
    2009-05-31 17:33:13 ----D---- C:\Program Files
    2009-05-31 16:33:35 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-31 14:55:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-05-31 14:55:25 ----D---- C:\WINDOWS\system32\DirectX
    2009-05-31 14:55:24 ----RSD---- C:\WINDOWS\assembly
    2009-05-31 14:55:22 ----D---- C:\WINDOWS\TEMP
    2009-05-31 14:55:22 ----D---- C:\WINDOWS
    2009-05-31 14:55:16 ----SHD---- C:\WINDOWS\Installer
    2009-05-31 13:59:09 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-31 00:11:31 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-30 22:59:21 ----D---- C:\WINDOWS\system32\drivers
    2009-05-30 22:29:57 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-05-30 17:58:23 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-30 17:58:23 ----D---- C:\Program Files\Common Files
    2009-05-30 17:51:06 ----D---- C:\Program Files\Adobe
    2009-05-30 17:51:06 ----D---- C:\Documents and Settings\Hrvoje\Application Data\Adobe
    2009-05-30 17:51:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-05-30 11:59:47 ----D---- C:\WINDOWS\system32
    2009-05-30 11:59:47 ----D---- C:\Qoobox
    2009-05-30 11:57:42 ----A---- C:\WINDOWS\system.ini
    2009-05-30 11:55:54 ----D---- C:\WINDOWS\AppPatch
    2009-05-29 13:38:16 ----HD---- C:\WINDOWS\inf
    2009-05-29 13:37:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-05-29 13:15:22 ----D---- C:\Documents and Settings\Hrvoje\Application Data\uTorrent
    2009-05-25 22:24:01 ----D---- C:\Documents and Settings\Hrvoje\Application Data\Bioshock
    2009-05-25 12:43:01 ----D---- C:\Documents and Settings\Hrvoje\Application Data\DAEMON Tools
    2009-05-24 18:06:29 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-05-22 12:49:02 ----D---- C:\WINDOWS\Help
    2009-05-22 12:47:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-05-22 12:47:34 ----D---- C:\WINDOWS\system32\CatRoot
    2009-05-22 12:44:13 ----D---- C:\Program Files\ATI Technologies
    2009-05-22 12:43:50 ----D---- C:\WINDOWS\WinSxS
    2009-05-22 12:42:52 ----A---- C:\WINDOWS\wininit.ini
    2009-05-20 15:31:49 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-05-20 15:31:49 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-05-20 15:31:49 ----A---- C:\WINDOWS\system32\java.exe
    2009-05-20 15:31:49 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-05-20 15:31:47 ----D---- C:\Program Files\Java
    2009-05-20 14:59:57 ----D---- C:\Program Files\Messenger Plus! Live
    2009-05-10 19:18:21 ----RSD---- C:\WINDOWS\Fonts
    2009-05-07 09:58:19 ----D---- C:\Program Files\AGEIA Technologies

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-01-05 278984]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-01-05 25416]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-19 25280]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-27 47360]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S1 19a1eb02;19a1eb02; C:\WINDOWS\System32\drivers\19a1eb02.sys []
    S1 3c86b558;3c86b558; C:\WINDOWS\System32\drivers\3c86b558.sys []
    S1 acrxpisr;acrxpisr; \??\C:\WINDOWS\system32\drivers\acrxpisr.sys []
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    S3 adywksfr;adywksfr; C:\WINDOWS\system32\drivers\adywksfr.sys []
    S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\Hrvoje\LOCALS~1\Temp\catchme.sys []
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 FStarForce;FStarForce; C:\WINDOWS\system32\DRIVERS\FStarForce.sys [2009-01-01 8192]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 GT680xNT;ColorPage-Vivid 1200XE; C:\WINDOWS\system32\drivers\gt680x.sys [2003-02-27 17376]
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
    S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
    S3 NTProcDrv;Process creation detector for NT.; \??\C:\Documents and Settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys []
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-04 25600]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-20 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 75064]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-01 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-25 2813085]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
    S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
    S4 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []

    -----------------EOF-----------------

  2. #12
    Junior Member, Join Date: Jan 2009, Posts: 22

    And here's the info.txt. (new one)

    info.txt logfile of random's system information tool 1.06 2009-05-31 17:35:40

    ======Uninstall list======

    @BIOS -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\Setup.exe" -l0x9 -removeonly
    -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
    -->MsiExec /X{64F67489-76BB-4CDD-A236-F954BE774B35}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    AutoSketch Release 9-->MsiExec.exe /I{DB639F99-ED74-49D4-8FFD-5B8C34C00D64}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
    BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
    DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    Electronics Workbench V5.12-->C:\WINDOWS\iun3405.exe C:\Program Files\EWB512
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus SX100_TX100 Manual-->C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\ENG\USE_G\DOCUNINS.EXE
    EPSON SX100 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDE.EXE /R /APD /P:"EPSON SX100 Series"
    Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
    Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
    GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe"
    Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
    JavaFX(TM) 1.1 SDK-->MsiExec.exe /X{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng.exe
    Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{64F67489-76BB-4CDD-A236-F954BE774B35}
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x001a -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x1a -removeonly
    Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    Robin Hood: The Legend Of Sherwood-->C:\Documents and Settings\Hrvoje\My Documents\Downloads\Robin Hood The Legend Of Sherwood
    Runes of Magic-->"C:\Program Files\Runes of Magic\unins000.exe"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Excel 2007 (KB946974)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Office 2007 (KB947801)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    UltimateDefrag 2008-->C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008"
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb949037)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WYSIWYG Web Builder 4.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\WYSIWYG Web Builder 4.0\irunin.ini"
    WYSIWYG Web Builder 5.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\WYSIWYG Web Builder 5\irunin.ini"

    =====HijackThis Backups=====

    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') [2009-01-17]
    O4 - HKLM\..\Run: [Uwetu] rundll32.exe "C:\WINDOWS\Pqiceved.dll",e [2009-01-17]
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com [2009-01-17]
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab [2009-01-17]

    ======Hosts File======


    ======Security center information======

    AV: AntiVir Desktop

    ======System event log======

    Computer Name: COMPUTER
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3284
    Source Name: Tcpip
    Time Written: 20090510220533.000000+120
    Event Type: warning
    User:

    Computer Name: COMPUTER
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3283
    Source Name: Tcpip
    Time Written: 20090510205248.000000+120
    Event Type: warning
    User:

    Computer Name: COMPUTER
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 3228
    Source Name: Tcpip
    Time Written: 20090509180146.000000+120
    Event Type: warning
    User:

    Computer Name: COMPUTER
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 000E2ECD44DC. The following
    error occurred:
    The semaphore timeout period has expired.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 3208
    Source Name: Dhcp
    Time Written: 20090509161603.000000+120
    Event Type: warning
    User:

    Computer Name: COMPUTER
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 7A7905ACA750. The following
    error occurred:
    The semaphore timeout period has expired.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 3207
    Source Name: Dhcp
    Time Written: 20090509161602.000000+120
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: COMPUTER
    Event Code: 12001
    Message: The Messenger Sharing USN Journal Reader service started successfully.

    Record Number: 18251
    Source Name: usnjsvc
    Time Written: 20090409124657.000000+120
    Event Type:
    User:

    Computer Name: COMPUTER
    Event Code: 1001
    Message: Detection of product '{CF402F64-D71F-4072-B8DA-6E2E648886D7}', feature 'AlwaysInstall' failed during request for component '{9E221992-B412-4761-958C-2DC6FC7DB055}'

    Record Number: 18244
    Source Name: MsiInstaller
    Time Written: 20090409011614.000000+120
    Event Type: warning
    User: COMPUTER\Hrvoje

    Computer Name: COMPUTER
    Event Code: 1004
    Message: Detection of product '{CF402F64-D71F-4072-B8DA-6E2E648886D7}', feature 'AlwaysInstall', component '{37AF0C64-655E-4787-8C2D-53741653A7BA}' failed. The resource 'C:\Program Files\GameTribe\Dekaron\bin\redist\mss32.dll' does not exist.

    Record Number: 18243
    Source Name: MsiInstaller
    Time Written: 20090409011614.000000+120
    Event Type: warning
    User: COMPUTER\Hrvoje

    Computer Name: COMPUTER
    Event Code: 12001
    Message: The Messenger Sharing USN Journal Reader service started successfully.

    Record Number: 18238
    Source Name: usnjsvc
    Time Written: 20090408222823.000000+120
    Event Type:
    User:

    Computer Name: COMPUTER
    Event Code: 1517
    Message: Windows saved user COMPUTER\Hrvoje registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 18234
    Source Name: Userenv
    Time Written: 20090408190430.000000+120
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\JavaFX\javafx-sdk1.1\bin;C:\Program Files\JavaFX\javafx-sdk1.1\emulator\bin;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

  3. #13
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please post the contents of this file next:

    C:\ComboFix.txt
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #14
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    Here you go.

    ComboFix 09-05-30.06 - Hrvoje 2009-05-31 18:18.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.3582.3108 [GMT 2:00]
    Running from: c:\documents and settings\Hrvoje\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
    .

    2009-05-31 12:55 . 2009-05-31 12:55 -------- d-----w- c:\windows\LastGood
    2009-05-31 12:52 . 2009-05-31 12:52 -------- d-----w- c:\program files\Microsoft Games
    2009-05-31 08:18 . 2009-05-31 08:20 -------- d-----w- c:\program files\GeoGebra
    2009-05-30 10:01 . 2009-05-30 11:32 -------- d-----w- C:\AeriaGames
    2009-05-29 11:38 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-05-29 11:38 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-05-29 11:38 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-05-29 11:38 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-05-29 11:38 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-05-29 11:38 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-05-29 11:38 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-05-29 11:37 . 2009-05-29 11:37 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
    2009-05-29 11:26 . 2009-05-30 10:05 -------- d-----w- c:\program files\Codemasters
    2009-05-28 15:16 . 2009-05-28 15:16 -------- d-----w- c:\documents and settings\Hrvoje\Local Settings\Application Data\Activision
    2009-05-28 12:58 . 2009-05-30 10:16 -------- d-----w- C:\Games
    2009-05-27 20:43 . 2009-05-27 20:43 -------- d-----w- C:\dokumente und einstellungen
    2009-05-26 11:12 . 2009-05-27 05:03 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-05-25 10:48 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
    2009-05-25 10:48 . 2009-05-25 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
    2009-05-25 10:48 . 2009-05-25 10:48 -------- d-----w- c:\program files\Bethesda Softworks
    2009-05-25 10:45 . 2009-05-25 10:45 -------- d-----w- c:\windows\system32\xlive
    2009-05-25 10:42 . 2009-05-25 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-05-25 10:40 . 2009-05-25 10:43 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\DAEMON Tools Lite
    2009-05-24 16:15 . 2009-05-24 16:18 -------- d-----w- C:\Bioshock
    2009-05-23 09:49 . 2009-05-23 09:49 -------- d-----w- c:\program files\GIGABYTE
    2009-05-22 10:48 . 2009-05-22 10:48 -------- d-----w- c:\windows\nview
    2009-05-22 10:48 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2009-05-22 10:47 . 2008-10-02 08:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-05-20 13:40 . 2009-05-20 13:40 -------- d-----w- c:\documents and settings\Hrvoje\javafx-sdk
    2009-05-20 13:32 . 2009-05-20 13:32 -------- d-----w- c:\program files\JavaFX
    2009-05-20 13:32 . 2009-05-20 13:32 -------- d-----w- c:\program files\Sun
    2009-05-20 13:24 . 2009-05-20 13:29 -------- d-----w- c:\documents and settings\Hrvoje\.SunDownloadManager
    2009-05-20 12:28 . 2009-05-20 12:45 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\The Path
    2009-05-12 17:47 . 2009-05-28 14:46 -------- d-----w- c:\program files\PopCap Games
    2009-05-12 17:47 . 2009-05-12 17:47 0 ----a-w- c:\windows\popcreg.dat
    2009-05-12 17:47 . 2009-05-12 17:47 0 ----a-w- c:\windows\popcinfot.dat
    2009-05-09 09:27 . 2009-05-09 09:27 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-05-09 09:27 . 2009-05-09 09:27 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-05-07 09:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-07 09:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-07 09:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-07 09:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-07 09:58 . 2009-05-07 09:58 -------- d-----w- c:\program files\Avira
    2009-05-07 09:58 . 2009-05-07 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 12:55 . 2007-11-23 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-30 15:58 . 2007-12-19 19:29 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-29 23:42 . 2008-03-09 13:13 806688 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-29 11:37 . 2008-03-26 11:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-05-29 11:15 . 2007-12-23 21:44 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\uTorrent
    2009-05-25 20:24 . 2008-07-02 13:32 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Bioshock
    2009-05-25 10:43 . 2007-12-21 17:18 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\DAEMON Tools
    2009-05-25 10:40 . 2007-12-21 12:38 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-22 10:44 . 2007-11-23 20:40 -------- d-----w- c:\program files\ATI Technologies
    2009-05-20 13:31 . 2008-12-05 22:32 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-20 13:31 . 2008-01-29 12:17 -------- d-----w- c:\program files\Java
    2009-05-20 12:59 . 2008-01-05 10:51 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-05-10 17:50 . 2007-11-23 20:22 96608 ----a-w- c:\documents and settings\Hrvoje\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-07 07:58 . 2008-03-26 11:23 -------- d-----w- c:\program files\AGEIA Technologies
    2009-04-19 10:23 . 2009-02-19 19:55 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Hamachi
    2009-04-19 10:08 . 2009-02-19 19:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-04-19 09:55 . 2009-04-19 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\dbg
    2009-04-19 09:51 . 2009-04-19 09:51 -------- d-----w- c:\program files\Hamachi
    2009-04-18 18:56 . 2009-04-09 11:22 -------- d-----w- c:\program files\Runes of Magic
    2009-04-18 00:13 . 2009-03-11 11:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-04-18 00:13 . 2009-03-11 11:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-04-17 20:10 . 2009-04-17 20:10 -------- d-----w- c:\program files\VS Revo Group
    2009-04-15 13:31 . 2009-04-27 20:47 1099128 ----a-w- c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
    2009-04-15 13:31 . 2009-04-27 20:47 729088 ----a-w- c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    2009-04-13 11:12 . 2009-02-02 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-04-08 23:48 . 2009-04-08 23:47 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\FOG Downloader
    2009-04-08 08:39 . 2008-04-12 13:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-08 08:30 . 2009-01-24 22:07 -------- d-----w- c:\program files\SpywareBlaster
    2009-04-07 20:46 . 2009-01-17 18:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-07 20:44 . 2007-12-19 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-07 07:00 . 2009-03-25 09:30 -------- d-----w- c:\program files\Notepad++
    2009-04-07 07:00 . 2009-03-25 09:30 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Notepad++
    2009-04-06 09:09 . 2009-04-06 09:09 -------- d-----w- c:\program files\DAMN NFO Viewer
    2009-04-05 20:55 . 2009-04-05 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
    2009-04-05 19:22 . 2009-04-05 19:22 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\nxgameeu.dll
    2009-04-05 19:22 . 2009-04-05 19:22 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    2009-04-05 19:22 . 2009-04-05 19:22 331776 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMResource.dll
    2009-04-05 19:22 . 2009-04-05 19:22 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\unicows.dll
    2009-04-05 19:22 . 2009-04-05 19:22 532480 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMDll.dll
    2009-04-05 19:22 . 2009-04-05 19:22 155648 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGM.exe
    2009-04-05 18:15 . 2009-04-05 18:15 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    2009-03-25 09:36 . 2008-01-26 18:11 737280 ----a-w- c:\windows\iun6002.exe
    2009-03-13 19:23 . 2008-09-03 19:54 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-03-10 19:46 . 2009-03-10 19:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2008-03-19 09:56 . 2008-03-19 09:56 872448 --sha-w- c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
    .

    ------- Sigcheck -------

    [-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
    [-] 2007-11-23 18:51 1580544 D92FDFA1022E9DDE8358C4C8A830CADC c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-30_09.57.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-31 11:58 . 2009-05-31 11:58 16384 c:\windows\TEMP\Perflib_Perfdata_528.dat
    + 2009-05-31 12:55 . 2009-05-31 12:55 40960 c:\windows\Installer\{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}\ARPPRODUCTICON.exe
    - 2009-05-29 11:37 . 2009-05-29 11:37 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-05-31 12:55 . 2005-03-18 16:19 2337488 c:\windows\LastGood\system32\d3dx9_25.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UTSCSI"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "c:\\Program Files\\Runes of Magic\\Runes of Magic.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "45682:TCP"= 45682:TCP:sam ga ti pusti

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-07 108289]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
    S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
    S1 acrxpisr;acrxpisr;\??\c:\windows\system32\drivers\acrxpisr.sys --> c:\windows\system32\drivers\acrxpisr.sys [?]
    S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2009-03-08 8192]
    S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-07 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    IE: Download all links with IDM
    IE: Download FLV video content with IDM
    IE: Download with IDM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
    FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-31 18:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d3,7e,6f,f9,d0,ce,15,88,78,4f,77,4c,85,e5,a6,2f,6d,ab,ac,1b,42,e9,72,
    17,00,3f,96,06,d1,a2,44,04,2d,8f,5d,85,78,2b,bf,aa,22,ac,9b,93,2b,15,cc,e7,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:f2,3a,f2,ea,33,64,19,ee,ad,55,f6,d4,35,85,86,17,d7,6c,31,79,2a,
    22,9d,d1,8c,f3,05,4e,73,e8,41,a8,31,e9,4f,6f,85,65,ba,e6,26,b8,3f,14,c1,f1,\
    "rkeysecu"=hex:56,48,64,2b,b5,e9,88,e6,4c,08,b7,f2,9e,f3,99,a5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3000)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-31 18:22
    ComboFix-quarantined-files.txt 2009-05-31 16:22
    ComboFix2.txt 2009-05-30 09:59
    ComboFix3.txt 2009-04-08 08:36
    ComboFix4.txt 2009-03-04 14:19
    ComboFix5.txt 2009-05-31 16:17

    Pre-Run: 46,273,613,824 bytes free
    Post-Run: 46,297,628,672 bytes free

    249 --- E O F --- 2009-03-03 16:51

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please click this link-->Jotti

    Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

    c:\windows\system32\sfcfiles.dll

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

  6. #16
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    Found nothing ... on everything...

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      Folder::
      c:\Program Files\uTorrent
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

  8. #18
    Junior Member
    Join Date
    Jan 2009
    Posts
    22

    ComboFix 09-05-30.06 - Hrvoje 2009-05-31 20:05.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.3582.3099 [GMT 2:00]
    Running from: c:\documents and settings\Hrvoje\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Hrvoje\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\uTorrent
    c:\program files\uTorrent\11813-utorrent.e805.dmp
    c:\program files\uTorrent\8179-utorrent.2081.dmp
    c:\program files\uTorrent\8179-utorrent.b0aa.dmp
    c:\program files\uTorrent\uTorrent.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
    .

    2009-05-31 12:55 . 2009-05-31 12:55 -------- d-----w- c:\windows\LastGood
    2009-05-31 12:52 . 2009-05-31 12:52 -------- d-----w- c:\program files\Microsoft Games
    2009-05-31 08:18 . 2009-05-31 08:20 -------- d-----w- c:\program files\GeoGebra
    2009-05-30 10:01 . 2009-05-30 11:32 -------- d-----w- C:\AeriaGames
    2009-05-29 11:38 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2009-05-29 11:38 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2009-05-29 11:38 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2009-05-29 11:38 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-05-29 11:38 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2009-05-29 11:38 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2009-05-29 11:38 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-05-29 11:37 . 2009-05-29 11:37 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
    2009-05-29 11:26 . 2009-05-30 10:05 -------- d-----w- c:\program files\Codemasters
    2009-05-28 15:16 . 2009-05-28 15:16 -------- d-----w- c:\documents and settings\Hrvoje\Local Settings\Application Data\Activision
    2009-05-28 12:58 . 2009-05-30 10:16 -------- d-----w- C:\Games
    2009-05-27 20:43 . 2009-05-27 20:43 -------- d-----w- C:\dokumente und einstellungen
    2009-05-26 11:12 . 2009-05-27 05:03 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-05-25 10:48 . 2008-09-16 22:20 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
    2009-05-25 10:48 . 2009-05-25 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
    2009-05-25 10:48 . 2009-05-25 10:48 -------- d-----w- c:\program files\Bethesda Softworks
    2009-05-25 10:45 . 2009-05-25 10:45 -------- d-----w- c:\windows\system32\xlive
    2009-05-25 10:42 . 2009-05-25 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-05-25 10:40 . 2009-05-25 10:43 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\DAEMON Tools Lite
    2009-05-24 16:15 . 2009-05-24 16:18 -------- d-----w- C:\Bioshock
    2009-05-23 09:49 . 2009-05-23 09:49 -------- d-----w- c:\program files\GIGABYTE
    2009-05-22 10:48 . 2009-05-22 10:48 -------- d-----w- c:\windows\nview
    2009-05-22 10:48 . 2008-10-07 05:33 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2009-05-22 10:47 . 2008-10-02 08:07 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-05-20 13:40 . 2009-05-20 13:40 -------- d-----w- c:\documents and settings\Hrvoje\javafx-sdk
    2009-05-20 13:32 . 2009-05-20 13:32 -------- d-----w- c:\program files\JavaFX
    2009-05-20 13:32 . 2009-05-20 13:32 -------- d-----w- c:\program files\Sun
    2009-05-20 13:24 . 2009-05-20 13:29 -------- d-----w- c:\documents and settings\Hrvoje\.SunDownloadManager
    2009-05-20 12:28 . 2009-05-20 12:45 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\The Path
    2009-05-12 17:47 . 2009-05-28 14:46 -------- d-----w- c:\program files\PopCap Games
    2009-05-12 17:47 . 2009-05-12 17:47 0 ----a-w- c:\windows\popcreg.dat
    2009-05-12 17:47 . 2009-05-12 17:47 0 ----a-w- c:\windows\popcinfot.dat
    2009-05-09 09:27 . 2009-05-09 09:27 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-05-09 09:27 . 2009-05-09 09:27 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-05-09 09:27 . 2009-05-09 09:27 207872 ----a-w- c:\documents and settings\Hrvoje\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-05-07 09:58 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-07 09:58 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-07 09:58 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-07 09:58 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-07 09:58 . 2009-05-07 09:58 -------- d-----w- c:\program files\Avira
    2009-05-07 09:58 . 2009-05-07 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-31 12:55 . 2007-11-23 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-30 15:58 . 2007-12-19 19:29 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-29 23:42 . 2008-03-09 13:13 806688 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-05-29 11:37 . 2008-03-26 11:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-05-29 11:15 . 2007-12-23 21:44 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\uTorrent
    2009-05-25 20:24 . 2008-07-02 13:32 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Bioshock
    2009-05-25 10:43 . 2007-12-21 17:18 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\DAEMON Tools
    2009-05-25 10:40 . 2007-12-21 12:38 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-22 10:44 . 2007-11-23 20:40 -------- d-----w- c:\program files\ATI Technologies
    2009-05-20 13:31 . 2008-12-05 22:32 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-20 13:31 . 2008-01-29 12:17 -------- d-----w- c:\program files\Java
    2009-05-20 12:59 . 2008-01-05 10:51 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-05-10 17:50 . 2007-11-23 20:22 96608 ----a-w- c:\documents and settings\Hrvoje\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-07 07:58 . 2008-03-26 11:23 -------- d-----w- c:\program files\AGEIA Technologies
    2009-04-19 10:23 . 2009-02-19 19:55 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Hamachi
    2009-04-19 10:08 . 2009-02-19 19:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
    2009-04-19 09:55 . 2009-04-19 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\dbg
    2009-04-19 09:51 . 2009-04-19 09:51 -------- d-----w- c:\program files\Hamachi
    2009-04-18 18:56 . 2009-04-09 11:22 -------- d-----w- c:\program files\Runes of Magic
    2009-04-18 00:13 . 2009-03-11 11:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-04-18 00:13 . 2009-03-11 11:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-04-17 20:10 . 2009-04-17 20:10 -------- d-----w- c:\program files\VS Revo Group
    2009-04-15 13:31 . 2009-04-27 20:47 1099128 ----a-w- c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
    2009-04-15 13:31 . 2009-04-27 20:47 729088 ----a-w- c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    2009-04-13 11:12 . 2009-02-02 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-04-08 23:48 . 2009-04-08 23:47 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\FOG Downloader
    2009-04-08 08:39 . 2008-04-12 13:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-08 08:30 . 2009-01-24 22:07 -------- d-----w- c:\program files\SpywareBlaster
    2009-04-07 20:46 . 2009-01-17 18:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-07 20:44 . 2007-12-19 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-07 07:00 . 2009-03-25 09:30 -------- d-----w- c:\program files\Notepad++
    2009-04-07 07:00 . 2009-03-25 09:30 -------- d-----w- c:\documents and settings\Hrvoje\Application Data\Notepad++
    2009-04-06 09:09 . 2009-04-06 09:09 -------- d-----w- c:\program files\DAMN NFO Viewer
    2009-04-05 20:55 . 2009-04-05 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonEU
    2009-04-05 19:22 . 2009-04-05 19:22 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\nxgameeu.dll
    2009-04-05 19:22 . 2009-04-05 19:22 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    2009-04-05 19:22 . 2009-04-05 19:22 331776 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMResource.dll
    2009-04-05 19:22 . 2009-04-05 19:22 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\unicows.dll
    2009-04-05 19:22 . 2009-04-05 19:22 532480 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGMDll.dll
    2009-04-05 19:22 . 2009-04-05 19:22 155648 ----a-w- c:\documents and settings\All Users\Application Data\NexonEU\NGM\NGM.exe
    2009-04-05 18:15 . 2009-04-05 18:15 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
    2009-03-25 09:36 . 2008-01-26 18:11 737280 ----a-w- c:\windows\iun6002.exe
    2009-03-13 19:23 . 2008-09-03 19:54 96 ---ha-w- c:\windows\system32\HsInfo.dat
    2009-03-10 19:46 . 2009-03-10 19:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2008-03-19 09:56 . 2008-03-19 09:56 872448 --sha-w- c:\windows\system32\70554Rapid Hacker v3.0 Final - Maximum Edition.exe
    .

    ------- Sigcheck -------

    [-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
    [-] 2007-11-23 18:51 1580544 D92FDFA1022E9DDE8358C4C8A830CADC c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-05-30_09.57.42 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-31 11:58 . 2009-05-31 11:58 16384 c:\windows\TEMP\Perflib_Perfdata_528.dat
    + 2009-05-31 12:55 . 2009-05-31 12:55 40960 c:\windows\Installer\{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}\ARPPRODUCTICON.exe
    - 2009-05-29 11:37 . 2009-05-29 11:37 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2009-05-31 12:55 . 2009-05-31 12:55 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    - 2009-05-29 11:37 . 2009-05-29 11:37 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2009-05-31 12:55 . 2005-03-18 16:19 2337488 c:\windows\LastGood\system32\d3dx9_25.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 1937408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Hrvoje\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UTSCSI"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "c:\\Program Files\\Runes of Magic\\Runes of Magic.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "45682:TCP"= 45682:TCP:sam ga ti pusti

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-07 108289]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S1 19a1eb02;19a1eb02;c:\windows\system32\drivers\19a1eb02.sys --> c:\windows\system32\drivers\19a1eb02.sys [?]
    S1 3c86b558;3c86b558;c:\windows\system32\drivers\3c86b558.sys --> c:\windows\system32\drivers\3c86b558.sys [?]
    S1 acrxpisr;acrxpisr;\??\c:\windows\system32\drivers\acrxpisr.sys --> c:\windows\system32\drivers\acrxpisr.sys [?]
    S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2009-03-08 8192]
    S3 GT680xNT;ColorPage-Vivid 1200XE;c:\windows\system32\drivers\Gt680x.sys [2008-02-10 17376]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys --> c:\documents and settings\Hrvoje\My Documents\bot\RohanBotEn1.0.11b\NtProcDrv.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-07 13:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.hr/
    IE: Download all links with IDM
    IE: Download FLV video content with IDM
    IE: Download with IDM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
    FF - component: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Hrvoje\Application Data\Mozilla\Firefox\Profiles\wqazupsk.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-31 20:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d3,7e,6f,f9,d0,ce,15,88,78,4f,77,4c,85,e5,a6,2f,6d,ab,ac,1b,42,e9,72,
    17,00,3f,96,06,d1,a2,44,04,2d,8f,5d,85,78,2b,bf,aa,22,ac,9b,93,2b,15,cc,e7,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:f2,3a,f2,ea,33,64,19,ee,ad,55,f6,d4,35,85,86,17,d7,6c,31,79,2a,
    22,9d,d1,8c,f3,05,4e,73,e8,41,a8,31,e9,4f,6f,85,65,ba,e6,26,b8,3f,14,c1,f1,\
    "rkeysecu"=hex:56,48,64,2b,b5,e9,88,e6,4c,08,b7,f2,9e,f3,99,a5
    .
    Completion time: 2009-05-31 20:09
    ComboFix-quarantined-files.txt 2009-05-31 18:09
    ComboFix2.txt 2009-05-31 16:22
    ComboFix3.txt 2009-05-30 09:59
    ComboFix4.txt 2009-04-08 08:36
    ComboFix5.txt 2009-05-31 18:04

    Pre-Run: 46,294,556,672 bytes free
    Post-Run: 46,302,752,768 bytes free

    251 --- E O F --- 2009-03-03 16:51

  9. #19
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    I'm sorry, I have missed your reply.

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #20
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
