"Remains" of multiple viruses - need help with cleanup



W4yneb0t
2010-04-09, 14:50
Alright, here are my problems: This PC went through a number of different viruses, all were removed more or less, but there are some traces I'm unable to clean up. I'm running Windows XP SP2, have Spybot S&D, AVG and Ad-Aware installed and Windows Firewall enabled.

Here are some symptoms:
After logging in to Windows, a few error messages appear, all saying something along the lines of "Cannot find folder C:/Documents", and some other similar folders.
After a reboot, about a dozen different .exe files appear in the "Documents and Settings/username/Local settings/Temp" folder. Among these are two .exes whose names are 3-digit numbers, a different number each time; these also appear in the process list (I kill these processes and delete the .exes after each reboot).
At random intervals, a sound will play (the clicking sound which plays when a folder is opened in Windows Explorer).
Occasionally, usually at startup, Windows Firewall turns off.

I ran Spybot S&D and AVG and removed whatever I could, but neither of them can find the cause of these remaining problems. Spybot also found Virtumonde multiple times in the past, and recently, DNSFlush.cws.

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:57, on 09/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\PROGRA~1\AVG\avgam.exe
D:\PROGRA~1\AVG\avgrsx.exe
D:\PROGRA~1\AVG\avgnsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
D:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\cidrive32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: D - {73AF155F-9623-3F62-AEB1-83242B434A59} - C:\WINDOWS\kx14427.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: rafbsvnx - {C46300D6-BEA7-42DB-B65D-90D566CC6CB2} - C:\WINDOWS\rafbsvnx.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
O4 - HKLM\..\Run: [oo] C:\WINDOWS\ndll.exe
O4 - HKCU\..\Run: [Winhlp/Apl] C:\WINDOWS\system32\schedul.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate\winupdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
O4 - HKCU\..\Policies\Explorer\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate\winupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate\winupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate\winupdate.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149291490093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\0040.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: vtqnxfko - {08F73A7A-3A76-41FD-86F2-26A68168D546} - C:\WINDOWS\vtqnxfko.dll (file missing)
O21 - SSODL: tsxngabr - {C6C3B224-1836-449B-825A-B4878D1BA159} - C:\WINDOWS\tsxngabr.dll (file missing)
O21 - SSODL: GootkitSSO - {CE7CEC5B-692E-40A3-BF02-3F7E0DD53B20} - C:\WINDOWS\System32\msxsltsso.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IpSec service (darkness) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prime95 Service - Unknown owner - D:\games\prime\PRIME95.EXE (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 9697 bytes
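What an analyst looks for in the log above can be written down as rules. The following is an added example (not part of the thread and not a HijackThis feature): it scores the autostart entries by the traits that make them stand out here: components still registered but marked "(file missing)", loaders under C:\RECYCLER or the Policies\Explorer\Run key, an AppInit_DLLs entry, binaries dropped directly into C:\WINDOWS or C:\WINDOWS\system, an svchost.exe outside system32, and random-looking names. The sample lines are copied from the log; the weights and the vowel-ratio test for generated names are assumptions of the example.

```python
"""Heuristic triage of HijackThis autostart entries.

Added example, not part of the original thread. It scores the kinds of
entries an analyst flags by eye in the log above. The regexes, weights and
thresholds are this example's own assumptions, not HijackThis's rules.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the first HijackThis log in the
# thread, with three known-good entries (Spybot, NVIDIA) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: D - {73AF155F-9623-3F62-AEB1-83242B434A59} - C:\WINDOWS\kx14427.dll (file missing)
O3 - Toolbar: rafbsvnx - {C46300D6-BEA7-42DB-B65D-90D566CC6CB2} - C:\WINDOWS\rafbsvnx.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\cidrive32.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [WindowsUpdate] C:\WINDOWS\system32\WindowsUpdate\winupdate.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\0040.DLL
O21 - SSODL: vtqnxfko - {08F73A7A-3A76-41FD-86F2-26A68168D546} - C:\WINDOWS\vtqnxfko.dll (file missing)
O23 - Service: IpSec service (darkness) - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[ROF]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")      # first drive-letter path up to end of line
TRAILER_RE = re.compile(r"\s*\((?:file missing|no file|User '[^']*')\)\s*$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)")
WINDIR_ROOTS = ("c:\\windows", "c:\\windows\\system")
# Where these core binaries live on XP; the same name anywhere else is a masquerade.
EXPECTED_DIR = {
    "svchost.exe": "c:\\windows\\system32",
    "winlogon.exe": "c:\\windows\\system32",
    "lsass.exe": "c:\\windows\\system32",
    "services.exe": "c:\\windows\\system32",
    "explorer.exe": "c:\\windows",
}


@dataclass
class Finding:
    line: str
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    def hit(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def extract_path(body: str) -> str:
    """Path named in the entry, without the '(file missing)' / (User '...') trailer."""
    m = PATH_RE.search(body)
    return TRAILER_RE.sub("", m.group(0)).strip() if m else ""


def looks_random(stem: str) -> bool:
    """Assumption of this example: a letters-only name of 6+ characters with
    almost no vowels (rafbsvnx, vtqnxfko, vsbntlo) was probably generated."""
    if len(stem) < 6 or not stem.isalpha():
        return False
    return sum(ch in "aeiou" for ch in stem) / len(stem) < 0.2


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    path = extract_path(body)
    f = Finding(line=line.strip(), path=path)
    lower = path.lower()
    parent, _, name = lower.rpartition("\\")
    stem = name.rsplit(".", 1)[0]

    if MISSING_RE.search(body):
        f.hit(2, "registered component whose file no longer exists")
    if "\\recycler\\" in lower:
        f.hit(3, "autostart from the Recycle Bin tree (C:\\RECYCLER)")
    if "policies\\explorer\\run" in body.lower():
        f.hit(3, "Policies\\Explorer\\Run key, rarely used by legitimate software")
    if sec == "O20" and body.startswith("AppInit_DLLs") and path:
        f.hit(3, "AppInit_DLLs: DLL injected into every process that loads user32")
    if name in EXPECTED_DIR:
        if parent != EXPECTED_DIR[name]:
            f.hit(3, f"{name} outside its normal directory {EXPECTED_DIR[name]}")
    else:
        if parent in WINDIR_ROOTS and name.endswith((".exe", ".dll")):
            f.hit(2, "binary dropped directly in %WINDIR% or WINDIR\\system instead of system32")
        if looks_random(stem):
            f.hit(1, f"random-looking file name '{stem}'")
    return f


def triage(log_text: str) -> List[Finding]:
    """Score every entry and return the suspicious ones, highest score first."""
    findings = [f for f in map(triage_line, log_text.splitlines())
                if f is not None and f.score > 0]
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for why in f.reasons:
            print(f"      - {why}")
```

A score is a prompt to look, not a verdict: a legitimate name such as Logitech's KHALMNPR.EXE would trip the vowel-ratio rule, which is why that rule carries a single point, and nothing here replaces checking the file's hash and signature.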

ken545
2010-04-12, 01:00
Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



This computer is still very heavily infected :sad:



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

W4yneb0t
2010-04-15, 19:58
Thanks. Here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:45, on 15/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Tunngle\TnglCtrl.exe
D:\PROGRA~1\AVG\avgam.exe
D:\PROGRA~1\AVG\avgrsx.exe
D:\PROGRA~1\AVG\avgnsx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
D:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149291490093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prime95 Service - Unknown owner - D:\games\prime\PRIME95.EXE (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8234 bytes



ComboFix 10-04-14.04 - Owner 15/04/2010 18:34:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.41.1033.18.2047.1516 [GMT 2:00]
Run from:: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}

Warning - No Recovery Console is installed on this PC !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Owner\Application Data\Adobe\crc.dat
c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
c:\recycler\S-1-5-21-0170722224-4398681752-564593725-2513
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0651281512-8209460011-552542666-1435
c:\recycler\S-1-5-21-0760028476-4060343644-710057559-9999
c:\recycler\S-1-5-21-1356039762-2748535306-028973541-8851
c:\recycler\S-1-5-21-2801184743-6447273300-507133033-2873
c:\recycler\S-1-5-21-3996833053-2991187150-611054754-9233
c:\recycler\S-1-5-21-4742784214-1478725942-174017923-7787
c:\recycler\S-1-5-21-5623102744-5356332619-896165855-4516
c:\recycler\S-1-5-21-7181791045-5636674555-716503115-3430
c:\recycler\S-1-5-21-7994623561-0710645487-144577779-0345
c:\recycler\S-1-5-21-8345501263-1779543434-191890103-4865
c:\windows\eSellerateEngine.dll
c:\windows\reged.exe
c:\windows\sys.com
c:\windows\system32\CID
c:\windows\system32\SvcNm
c:\windows\system32\tmp.reg
c:\windows\system32\url1
c:\windows\system32\url2
c:\windows\system32\url3
c:\windows\system32\WORK.DAT
c:\windows\wpe pro.INI
J:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DARKNESS
-------\Legacy_SSHNAS
-------\Service_darkness


((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 ))))))))))))))))))))))))))))))
.

2010-04-13 11:22 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-11 19:16 . 2010-04-11 19:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-10 16:36 . 2010-04-10 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-04-10 16:35 . 2010-04-10 16:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-04-10 16:25 . 2010-04-10 16:25 -------- d-----w- c:\program files\Avira
2010-04-10 16:25 . 2010-04-10 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-10 16:25 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-10 16:25 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-10 16:25 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-10 16:25 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-10 15:38 . 2008-04-13 22:50 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-09 17:55 . 2010-04-09 17:55 -------- d-----w- C:\VundoFix Backups
2010-04-09 10:41 . 2010-04-09 16:29 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2010-04-04 17:33 . 2010-04-04 17:33 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-04-03 20:42 . 2010-04-03 20:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-30 18:53 . 2010-04-03 20:42 -------- d-----w- c:\program files\DivX
2010-03-30 18:53 . 2010-04-03 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-30 05:05 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-16 22:34 . 2010-03-16 22:34 -------- d-----w- c:\program files\Common Files\eSellerate

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 16:40 . 2010-01-08 22:20 0 ----a-w- c:\windows\system32\Access.dat
2010-04-14 11:56 . 2010-03-24 16:24 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-04-12 22:25 . 2007-11-15 21:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-04-12 10:49 . 2010-02-08 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-11 23:07 . 2008-04-19 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-04-11 19:25 . 2008-02-24 04:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-11 19:16 . 2010-04-11 19:16 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-04-11 15:13 . 2007-12-30 01:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-11 06:29 . 2010-04-11 06:29 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-04-09 03:35 . 2008-02-26 17:57 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-04-09 03:34 . 2006-06-07 16:57 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-04-08 03:37 . 2010-02-12 05:37 -------- d-----w- c:\program files\Common Files\BioWare
2010-04-04 17:16 . 2008-02-15 23:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Hamachi
2010-04-03 20:42 . 2010-04-03 20:42 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-03 20:42 . 2010-04-03 20:42 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-03 20:41 . 2010-04-03 20:43 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-03 20:41 . 2010-03-30 18:55 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-22 16:24 . 2009-07-18 20:33 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft
2010-03-16 22:37 . 2010-03-16 22:34 139 ---ha-w- c:\documents and settings\Owner\Application Data\lakerda1967.sys
2010-03-16 22:37 . 2010-03-16 22:34 139 ---ha-w- c:\documents and settings\Owner\Application Data\lakerda1967.sys
2010-03-15 06:59 . 2007-12-30 01:18 -------- d-----w- c:\program files\uTorrent
2010-03-11 12:38 . 2005-10-21 03:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 11:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 23:02 . 2009-01-14 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-03 17:39 . 2010-03-03 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2010-02-24 13:11 . 2005-10-17 23:51 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 11:11 . 2010-02-23 10:56 -------- d-----w- c:\program files\SpeedFan
2010-02-21 15:02 . 2010-02-21 15:02 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2005-03-02 01:59 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-02 01:34 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 10:05 . 2007-11-16 16:48 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-13 09:58 . 2007-11-16 16:48 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-12 04:33 . 2004-08-04 11:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 11:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-03 13:56 . 2008-02-15 23:11 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2010-02-01 01:45 . 2010-04-11 19:16 38784 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 01:45 . 2010-04-11 19:16 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2004-08-04 11:00 . 2006-06-02 18:05 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-11 23:39 . 2006-03-11 23:39 581632 --sha-r- c:\windows\system32\WindowsUpdate\plugin.dat
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-29 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - d:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
SetPointII.lnk - d:\program files\Logitech\SetPoint II\SetpointII.exe [2007-8-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-11 17:34 1217808 ----a-w- d:\games\Steam\steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\AVG\\avgam.exe"=
"d:\\Program Files\\AVG\\avgupd.exe"=
"d:\\Program Files\\AVG\\avgnsx.exe"=
"d:\\games\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Zattoo\\zattood.exe"=
"d:\\Program Files\\Zattoo\\Zattoo2.exe"=
"d:\\games\\Call of Duty 4\\iw3mp.exe"=
"d:\\games\\Demigod\\bin\\Demigod.exe"=
"d:\\games\\GHIII\\GH3.exe"=
"d:\\games\\Curve\\IPCurve\\ipcurve.exe"=
"d:\\games\\Toblo\\Toblo 1.2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"d:\\games\\cs 1.6\\hl.exe"=
"d:\\games\\Steam\\steamapps\\blame_the_lag\\counter-strike source\\hl2.exe"=
"d:\\games\\Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"j:\\things\\NFS Shift\\shift.exe"=
"j:\\things\\Killing Floor ReVOLVeR\\KillingFloor\\System\\KillingFloor.exe"=
"d:\\Program Files\\VLC\\vlc.exe"=
"j:\\things\\Operation Flashpoint Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\seamonkey\\seamonkey.exe"=
"j:\\things\\Borderlands\\Gearbox Software\\Borderlands\\Binaries\\Borderlands.exe"=
"j:\\things\\cod unpack\\iw4mp.exe"=
"j:\\things\\Serious Sam HD The First Encounter\\Bin\\SamHD.exe"=
"d:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"d:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\games\\Steam\\steamapps\\common\\zero gear\\Server\\iw4mp.exe"=
"d:\\games\\Steam\\steam.exe"=
"d:\\Program Files\\Zattoo\\Zattoo.exe"=
"d:\\games\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"d:\\games\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"j:\\things\\Red Faction Guerrilla\\rfg.exe"=
"d:\\Program Files\\poker things\\ddpoker3\\ddpoker.exe"=
"d:\\games\\UT2004\\System\\UT2004.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3783:TCP"= 3783:TCP:BL
"3783:UDP"= 3783:UDP:BL
"29900:TCP"= 29900:TCP:BL
"29900:UDP"= 29900:UDP:BL
"29901:TCP"= 29901:TCP:BL
"29901:UDP"= 29901:UDP:BL
"13139:UDP"= 13139:UDP:BL
"6515:UDP"= 6515:UDP:BL
"7777:TCP"= 7777:TCP:BL
"7777:UDP"= 7777:UDP:BL
"28900:TCP"= 28900:TCP:BL
"27900:UDP"= 27900:UDP:BL
"28910:TCP"= 28910:TCP:BL
"6500:UDP"= 6500:UDP:BL
"9989:UDP"= 9989:UDP:BL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [07/05/2009 20:19 12552]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/10/2006 18:58 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/10/2006 18:58 5248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [07/05/2009 20:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [07/05/2009 20:19 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/04/2010 18:25 135336]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\avgwdsvc.exe [07/05/2009 20:19 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R2 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe [25/12/2009 00:28 682232]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [30/01/2008 01:08 38656]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [25/12/2009 00:28 27136]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys --> c:\windows\system32\DRIVERS\AmdAcpi.sys [?]
S0 gmkop;gmkop; [x]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S4 JCFV;Security Service;c:\windows\system32\svcd\svchost.exe --> c:\windows\system32\svcd\svchost.exe [?]
.
Inhalt des "geplante Tasks" Ordners

2010-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vcf0idji.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin8.dll
FF - plugin: j:\things\Opera\program\plugins\npdsplay.dll
FF - plugin: j:\things\Opera\program\plugins\NPSWF32.dll
FF - plugin: j:\things\Opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Explorer_Run-WindowsUpdate - c:\windows\system32\WindowsUpdate\winupdate.exe
HKU-Default-Explorer_Run-WindowsUpdate - c:\windows\system32\WindowsUpdate\winupdate.exe
SSODL-GootkitSSO-{CE7CEC5B-692E-40A3-BF02-3F7E0DD53B20} - c:\windows\System32\msxsltsso.dll
MSConfigStartUp-oo - c:\windows\ndll.exe
MSConfigStartUp-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
ActiveSetup-{L74C5NXH-A3P7-EK5S-SAW5-582M7HUL4CRL} - c:\windows\system32\WindowsUpdate\winupdate.exe
AddRemove-BrainWave Generator - c:\documents and settings\owner\desktop\bnb\Uninst.isu
AddRemove-CCenter - c:\documents and settings\Owner\Application Data\CCenter\uninstall.exe
AddRemove-HijackThis - J:\HijackThis.exe
AddRemove-Motherboard Monitor 5_is1 - d:\program files\Temperature Monitor\unins000.exe
AddRemove-Populous: The Beginning - d:\games\pop3 play\pop3\Uninst.isu
AddRemove-TmNationsForever_is1 - d:\games\TmNationsForeverd\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 18:42
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A630290]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> 0x8a630290
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xba5d8bb0
PacketIndicateHandler -> NDIS.sys @ 0xba5c7a0d
SendHandler -> NDIS.sys @ 0xba5dbb40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC105A1-FD17-E8F1-B9C0-892ED0053BD3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"laakoamoolnkijhkmgoahhee"=hex:64,62,69,70,6e,6c,65,64,62,70,63,69,6d,69,67,65,
6d,6a,6d,66,6d,6e,62,6b,70,61,64,6b,6f,6c,69,69,6e,6f,6e,65,6b,6c,6b,6c,00,\
"laogfanikkcgpklfjcapajda"=hex:64,62,69,70,6e,6c,65,64,62,70,63,69,6d,69,67,65,
6d,6a,6d,66,6d,6e,62,6b,70,61,64,6b,6f,6c,69,69,6e,6f,6e,65,6b,6c,6b,6c,00,\

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,4e,43,e4,47,d7,12,8f,ef,4f,45,03,e7,3c,41,59,20,5d,c9,ec,fd,f3,a8,
0d,59,6e,1d,47,8c,9d,5e,fe,06,08,a8,59,9d,3e,d7,b0,f5,44,49,15,e4,da,4b,6b,\
"??"=hex:7a,a5,4c,50,0f,5f,f5,12,c9,6b,63,50,b7,ed,3c,e9

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c0,6d,5d,20,2c,b0,25,4b,0e,fc,0d,4d,dc,7c,1f,7f,64,ba,10,97,4c,
24,b9,e7,5c,6a,33,2c,26,44,b7,c3,b0,94,8f,f6,27,63,f7,10,28,06,ad,ac,47,36,\
"rkeysecu"=hex:4b,a0,66,f1,27,b3,77,20,bd,cc,da,32,12,70,4b,09
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
d:\progra~1\AVG\avgam.exe
d:\progra~1\AVG\avgrsx.exe
d:\progra~1\AVG\avgnsx.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-15 18:49:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-15 16:48

Vor Suchlauf: 8,645,267,456 bytes free
Nach Suchlauf: 8,721,727,488 bytes free

- - End Of File - - 21D77E4A9968D96736F6D2E530A1141A

ken545
2010-04-15, 20:21
Hi,

Please just copy and paste the reports and logs into this thread and do not attach them, it's easier for me to read and research.

browserchoice <-- Did you install this ?

uTorrent<--You're downloading files from an unknown source, not a good idea, and virus writers are aware of this and are infecting some sites that you may download from.


Let's check further for a rootkit

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Please copy and paste the report into your Post.

W4yneb0t
2010-04-16, 05:14
I have no idea what browserchoice is or why I have it. It might have been installed by the guy who built my PC, as he also installed Windows and some drivers and basic programs. Also, I scan everything I torrent.

Gmer causes problems for me: After opening it, it seems to scan something for 2-3 seconds and then suddenly crashes with a standard windows error message (gmer has encountered an error, you might lose information you were working on, etc.). I closed all programs and automatic updates before running it, also I tried redownloading gmer but it crashes in the same way every time.

ken545
2010-04-16, 12:46
OK,


Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double click the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png icon on your desktop.
Paste the following code under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png area.
Do not include the word "Code".

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\browserchoice.exe
c:\documents and settings\Owner\Application Data\lakerda1967.sys
c:\documents and settings\Owner\Application Data\lakerda1967.sys
c:\program files\Common Files\eSellerate


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Push the large http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png button.
OTM may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.


Extract the file and run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

Please post the content of that log TDSSKiller


Post both logs please

W4yneb0t
2010-04-16, 17:29
Alright, here are the logs:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\browserchoice.exe moved successfully.
c:\documents and settings\Owner\Application Data\lakerda1967.sys moved successfully.
File/Folder c:\documents and settings\Owner\Application Data\lakerda1967.sys not found.
c:\program files\Common Files\eSellerate folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BD14510B753F4C2

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Downloads

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 442502 bytes
->FireFox cache emptied: 3474649 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 529193 bytes
->Temporary Internet Files folder emptied: 727021 bytes
->Java cache emptied: 295988004 bytes
->FireFox cache emptied: 78873147 bytes
->Flash cache emptied: 4923699 bytes

%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 3149206 bytes
%systemroot%\System32 .tmp files removed: 9707537 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55711 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 380.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04162010_161318

16:23:15:453 3432 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
16:23:15:453 3432 ================================================================================
16:23:15:453 3432 SystemInfo:

16:23:15:453 3432 OS Version: 5.1.2600 ServicePack: 3.0
16:23:15:453 3432 Product type: Workstation
16:23:15:453 3432 ComputerName: BD14510B753F4C2
16:23:15:453 3432 UserName: Owner
16:23:15:453 3432 Windows directory: C:\WINDOWS
16:23:15:453 3432 Processor architecture: Intel x86
16:23:15:453 3432 Number of processors: 2
16:23:15:453 3432 Page size: 0x1000
16:23:15:453 3432 Boot type: Normal boot
16:23:15:453 3432 ================================================================================
16:23:15:468 3432 UnloadDriverW: NtUnloadDriver error 2
16:23:15:468 3432 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:23:15:515 3432 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:23:15:515 3432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:23:15:515 3432 wfopen_ex: Trying to KLMD file open
16:23:15:515 3432 wfopen_ex: File opened ok (Flags 2)
16:23:15:515 3432 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:23:15:531 3432 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:23:15:531 3432 wfopen_ex: Trying to KLMD file open
16:23:15:531 3432 wfopen_ex: File opened ok (Flags 2)
16:23:15:531 3432 Initialize success
16:23:15:531 3432
16:23:15:531 3432 Scanning Services ...
16:23:15:953 3432 Raw services enum returned 375 services
16:23:15:953 3432
16:23:15:953 3432 Scanning Kernel memory ...
16:23:15:968 3432 Devices to scan: 5
16:23:15:968 3432
16:23:15:968 3432 Driver Name: Disk
16:23:15:968 3432 IRP_MJ_CREATE : BA90EBB0
16:23:15:968 3432 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:23:15:968 3432 IRP_MJ_CLOSE : BA90EBB0
16:23:15:968 3432 IRP_MJ_READ : BA908D1F
16:23:15:968 3432 IRP_MJ_WRITE : BA908D1F
16:23:15:968 3432 IRP_MJ_QUERY_INFORMATION : 804F4562
16:23:15:968 3432 IRP_MJ_SET_INFORMATION : 804F4562
16:23:15:968 3432 IRP_MJ_QUERY_EA : 804F4562
16:23:15:968 3432 IRP_MJ_SET_EA : 804F4562
16:23:15:968 3432 IRP_MJ_FLUSH_BUFFERS : BA9092E2
16:23:15:968 3432 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:23:15:968 3432 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:23:15:968 3432 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:23:15:968 3432 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:23:15:968 3432 IRP_MJ_DEVICE_CONTROL : BA9093BB
16:23:15:968 3432 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CF28
16:23:15:968 3432 IRP_MJ_SHUTDOWN : BA9092E2
16:23:15:968 3432 IRP_MJ_LOCK_CONTROL : 804F4562
16:23:15:968 3432 IRP_MJ_CLEANUP : 804F4562
16:23:15:968 3432 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:23:15:968 3432 IRP_MJ_QUERY_SECURITY : 804F4562
16:23:15:968 3432 IRP_MJ_SET_SECURITY : 804F4562
16:23:15:968 3432 IRP_MJ_POWER : BA90AC82
16:23:15:968 3432 IRP_MJ_SYSTEM_CONTROL : BA90F99E
16:23:15:968 3432 IRP_MJ_DEVICE_CHANGE : 804F4562
16:23:15:968 3432 IRP_MJ_QUERY_QUOTA : 804F4562
16:23:15:968 3432 IRP_MJ_SET_QUOTA : 804F4562
16:23:16:000 3432 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:23:16:000 3432
16:23:16:000 3432 Driver Name: Disk
16:23:16:000 3432 IRP_MJ_CREATE : BA90EBB0
16:23:16:000 3432 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:23:16:000 3432 IRP_MJ_CLOSE : BA90EBB0
16:23:16:000 3432 IRP_MJ_READ : BA908D1F
16:23:16:000 3432 IRP_MJ_WRITE : BA908D1F
16:23:16:000 3432 IRP_MJ_QUERY_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_SET_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_EA : 804F4562
16:23:16:000 3432 IRP_MJ_SET_EA : 804F4562
16:23:16:000 3432 IRP_MJ_FLUSH_BUFFERS : BA9092E2
16:23:16:000 3432 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_DEVICE_CONTROL : BA9093BB
16:23:16:000 3432 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CF28
16:23:16:000 3432 IRP_MJ_SHUTDOWN : BA9092E2
16:23:16:000 3432 IRP_MJ_LOCK_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_CLEANUP : 804F4562
16:23:16:000 3432 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_SECURITY : 804F4562
16:23:16:000 3432 IRP_MJ_SET_SECURITY : 804F4562
16:23:16:000 3432 IRP_MJ_POWER : BA90AC82
16:23:16:000 3432 IRP_MJ_SYSTEM_CONTROL : BA90F99E
16:23:16:000 3432 IRP_MJ_DEVICE_CHANGE : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_QUOTA : 804F4562
16:23:16:000 3432 IRP_MJ_SET_QUOTA : 804F4562
16:23:16:000 3432 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:23:16:000 3432
16:23:16:000 3432 Driver Name: Disk
16:23:16:000 3432 IRP_MJ_CREATE : BA90EBB0
16:23:16:000 3432 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
16:23:16:000 3432 IRP_MJ_CLOSE : BA90EBB0
16:23:16:000 3432 IRP_MJ_READ : BA908D1F
16:23:16:000 3432 IRP_MJ_WRITE : BA908D1F
16:23:16:000 3432 IRP_MJ_QUERY_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_SET_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_EA : 804F4562
16:23:16:000 3432 IRP_MJ_SET_EA : 804F4562
16:23:16:000 3432 IRP_MJ_FLUSH_BUFFERS : BA9092E2
16:23:16:000 3432 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
16:23:16:000 3432 IRP_MJ_DIRECTORY_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_DEVICE_CONTROL : BA9093BB
16:23:16:000 3432 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA90CF28
16:23:16:000 3432 IRP_MJ_SHUTDOWN : BA9092E2
16:23:16:000 3432 IRP_MJ_LOCK_CONTROL : 804F4562
16:23:16:000 3432 IRP_MJ_CLEANUP : 804F4562
16:23:16:000 3432 IRP_MJ_CREATE_MAILSLOT : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_SECURITY : 804F4562
16:23:16:000 3432 IRP_MJ_SET_SECURITY : 804F4562
16:23:16:000 3432 IRP_MJ_POWER : BA90AC82
16:23:16:000 3432 IRP_MJ_SYSTEM_CONTROL : BA90F99E
16:23:16:000 3432 IRP_MJ_DEVICE_CHANGE : 804F4562
16:23:16:000 3432 IRP_MJ_QUERY_QUOTA : 804F4562
16:23:16:000 3432 IRP_MJ_SET_QUOTA : 804F4562
16:23:16:000 3432 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
16:23:16:000 3432
16:23:16:000 3432 Driver Name: atapi
16:23:16:000 3432 IRP_MJ_CREATE : 8A518C10
16:23:16:000 3432 IRP_MJ_CREATE_NAMED_PIPE : 8A518C10
16:23:16:000 3432 IRP_MJ_CLOSE : 8A518C10
16:23:16:000 3432 IRP_MJ_READ : 8A518C10
16:23:16:000 3432 IRP_MJ_WRITE : 8A518C10
16:23:16:000 3432 IRP_MJ_QUERY_INFORMATION : 8A518C10
16:23:16:000 3432 IRP_MJ_SET_INFORMATION : 8A518C10
16:23:16:000 3432 IRP_MJ_QUERY_EA : 8A518C10
16:23:16:000 3432 IRP_MJ_SET_EA : 8A518C10
16:23:16:000 3432 IRP_MJ_FLUSH_BUFFERS : 8A518C10
16:23:16:000 3432 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A518C10
16:23:16:000 3432 IRP_MJ_SET_VOLUME_INFORMATION : 8A518C10
16:23:16:000 3432 IRP_MJ_DIRECTORY_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_FILE_SYSTEM_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_DEVICE_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_SHUTDOWN : 8A518C10
16:23:16:000 3432 IRP_MJ_LOCK_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_CLEANUP : 8A518C10
16:23:16:000 3432 IRP_MJ_CREATE_MAILSLOT : 8A518C10
16:23:16:000 3432 IRP_MJ_QUERY_SECURITY : 8A518C10
16:23:16:000 3432 IRP_MJ_SET_SECURITY : 8A518C10
16:23:16:000 3432 IRP_MJ_POWER : 8A518C10
16:23:16:000 3432 IRP_MJ_SYSTEM_CONTROL : 8A518C10
16:23:16:000 3432 IRP_MJ_DEVICE_CHANGE : 8A518C10
16:23:16:000 3432 IRP_MJ_QUERY_QUOTA : 8A518C10
16:23:16:000 3432 IRP_MJ_SET_QUOTA : 8A518C10
16:23:16:031 3432 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
16:23:16:031 3432
16:23:16:031 3432 Driver Name: atapi
16:23:16:031 3432 IRP_MJ_CREATE : 8A518C10
16:23:16:031 3432 IRP_MJ_CREATE_NAMED_PIPE : 8A518C10
16:23:16:031 3432 IRP_MJ_CLOSE : 8A518C10
16:23:16:031 3432 IRP_MJ_READ : 8A518C10
16:23:16:031 3432 IRP_MJ_WRITE : 8A518C10
16:23:16:031 3432 IRP_MJ_QUERY_INFORMATION : 8A518C10
16:23:16:031 3432 IRP_MJ_SET_INFORMATION : 8A518C10
16:23:16:031 3432 IRP_MJ_QUERY_EA : 8A518C10
16:23:16:031 3432 IRP_MJ_SET_EA : 8A518C10
16:23:16:031 3432 IRP_MJ_FLUSH_BUFFERS : 8A518C10
16:23:16:031 3432 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A518C10
16:23:16:031 3432 IRP_MJ_SET_VOLUME_INFORMATION : 8A518C10
16:23:16:031 3432 IRP_MJ_DIRECTORY_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_FILE_SYSTEM_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_DEVICE_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_SHUTDOWN : 8A518C10
16:23:16:031 3432 IRP_MJ_LOCK_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_CLEANUP : 8A518C10
16:23:16:031 3432 IRP_MJ_CREATE_MAILSLOT : 8A518C10
16:23:16:031 3432 IRP_MJ_QUERY_SECURITY : 8A518C10
16:23:16:031 3432 IRP_MJ_SET_SECURITY : 8A518C10
16:23:16:031 3432 IRP_MJ_POWER : 8A518C10
16:23:16:031 3432 IRP_MJ_SYSTEM_CONTROL : 8A518C10
16:23:16:031 3432 IRP_MJ_DEVICE_CHANGE : 8A518C10
16:23:16:031 3432 IRP_MJ_QUERY_QUOTA : 8A518C10
16:23:16:031 3432 IRP_MJ_SET_QUOTA : 8A518C10
16:23:16:031 3432 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
16:23:16:031 3432
16:23:16:031 3432 Completed
16:23:16:031 3432
16:23:16:046 3432 Results:
16:23:16:046 3432 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:23:16:046 3432 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:23:16:046 3432 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:23:16:046 3432
16:23:16:046 3432 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:23:16:046 3432 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:23:16:046 3432 KLMD(ARK) unloaded successfully

ken545
2010-04-16, 18:24
Hi,

As a final check, run this quick scan please.

1. Go HERE (http://bamajim.com/Tools/FileLister.zip) and download FileLister.

Save it to your Desktop
Rt Click ->> Extract all ->> And extract it to your Desktop
Additional help on extracting zip files can be found HERE (http://www.bleepingcomputer.com/tutorials/tutorial105.html)
Open the File Lister Folder.
Note: Leave the FileLister.vbe file in the folder and run it from there.

http://bamajim.com/Images/unzip4.JPG

Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
When the program is finished it will produce a log for you, C:\Files.txt

Copy and paste the contents of that log in your reply.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

W4yneb0t
2010-04-17, 00:17
C:\Files.txt is just an empty file. If I unpack FileLister and open it like that, it creates a files.txt and 2 other logs in its location, I assume this is the files.txt you want to see? Here are all 3 of those logs (in 2 posts, as they are longer than the post limit).

+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 16/04/2010 23:06:30

====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\avgwdsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\avgam.exe
D:\PROGRA~1\AVG\avgrsx.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\avgnsx.exe
D:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

====== BHO's ======
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll

BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: (NO NAME) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe,
Winlogon\Shell = Explorer.exe

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[NvCplDaemon] = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

====== HKCU\~\Run Keys ======

[SpybotSD TeaTimer] = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe

====== DNS Info (List may be empty) ======


NV Hostname = bd14510b753f4c2
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = bd14510b753f4c2
DeadGWDetectDefault = 1
TCPFinWait2Delay = 16
DhcpNameServer = 192.168.1.1

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

15/04/2010 18:25:32 1170785 C:\Qoobox
15/04/2010 18:29:28 11710 C:\Qoobox\BackEnv
15/04/2010 18:25:32 1142646 C:\Qoobox\Quarantine
15/04/2010 18:30:02 557782 C:\Qoobox\Quarantine\C
15/04/2010 18:40:04 577 C:\Qoobox\Quarantine\C\Documents and Settings
15/04/2010 18:40:04 14 C:\Qoobox\Quarantine\C\Documents and Settings\All Users
15/04/2010 18:40:04 14 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data
15/04/2010 18:40:04 14 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft
15/04/2010 18:40:04 14 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer
15/04/2010 18:40:04 14 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs
15/04/2010 18:40:04 563 C:\Qoobox\Quarantine\C\Documents and Settings\Owner
15/04/2010 18:40:04 23 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data
15/04/2010 18:40:04 23 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Adobe
15/04/2010 18:40:04 540 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Start Menu
15/04/2010 18:40:04 540 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Start Menu\Programs
15/04/2010 18:40:04 540 C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Start Menu\Programs\Startup
15/04/2010 18:30:34 557205 C:\Qoobox\Quarantine\C\WINDOWS
15/04/2010 18:30:34 11538 C:\Qoobox\Quarantine\C\WINDOWS\system32
15/04/2010 18:30:34 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers
15/04/2010 18:42:27 562688 C:\Qoobox\Quarantine\J
15/04/2010 18:25:32 22074 C:\Qoobox\Quarantine\Registry_backups
15/04/2010 19:49:25 85 C:\RECYCLER
15/04/2010 19:49:25 85 C:\RECYCLER\S-1-5-21-1993962763-1979792683-839522115-1003
09/04/2010 19:55:26 0 C:\VundoFix Backups
16/04/2010 16:13:18 576829 C:\_OTM
16/04/2010 16:13:18 576829 C:\_OTM\MovedFiles
16/04/2010 16:13:18 572687 C:\_OTM\MovedFiles\04162010_161318
16/04/2010 16:13:20 139 C:\_OTM\MovedFiles\04162010_161318\c_documents and settings
16/04/2010 16:13:20 139 C:\_OTM\MovedFiles\04162010_161318\c_documents and settings\Owner
16/04/2010 16:13:20 139 C:\_OTM\MovedFiles\04162010_161318\c_documents and settings\Owner\Application Data
16/04/2010 16:13:20 279172 C:\_OTM\MovedFiles\04162010_161318\c_program files
16/04/2010 16:13:20 279172 C:\_OTM\MovedFiles\04162010_161318\c_program files\Common Files
17/03/2010 00:34:09 279172 C:\_OTM\MovedFiles\04162010_161318\c_program files\Common Files\eSellerate
16/04/2010 16:13:20 293376 C:\_OTM\MovedFiles\04162010_161318\c_windows
16/04/2010 16:13:20 293376 C:\_OTM\MovedFiles\04162010_161318\c_windows\system32
15/04/2010 18:49:05 28239 32 C:\ComboFix.txt
16/04/2010 23:02:51 0 32 C:\Files.txt
15/04/2010 11:30:45 0 32 C:\report.txt
16/04/2010 16:23:15 23236 32 C:\TDSSKiller.2.2.8.1_16.04.2010_16.23.15_log.txt
09/04/2010 19:55:26 270 32 C:\VundoFix.txt
15/03/2010 02:47:07 4187998 C:\WINDOWS\$NtUninstallKB975561$
15/03/2010 02:47:07 629086 C:\WINDOWS\$NtUninstallKB975561$\spuninst
15/04/2010 12:07:48 1003454 C:\WINDOWS\$NtUninstallKB977816$
15/04/2010 12:07:49 629182 C:\WINDOWS\$NtUninstallKB977816$\spuninst
15/04/2010 12:08:23 956375 C:\WINDOWS\$NtUninstallKB978338$
15/04/2010 12:08:23 630167 C:\WINDOWS\$NtUninstallKB978338$\spuninst
15/04/2010 01:43:33 805754 C:\WINDOWS\$NtUninstallKB978601$
15/04/2010 01:43:33 629114 C:\WINDOWS\$NtUninstallKB978601$\spuninst
24/02/2010 02:56:03 839190 C:\WINDOWS\$NtUninstallKB979306$
24/02/2010 02:56:03 645654 C:\WINDOWS\$NtUninstallKB979306$\spuninst
15/04/2010 01:42:53 713539 C:\WINDOWS\$NtUninstallKB979309$
15/04/2010 01:42:54 629059 C:\WINDOWS\$NtUninstallKB979309$\spuninst
15/04/2010 12:12:52 13226077 C:\WINDOWS\$NtUninstallKB979683$
15/04/2010 12:12:52 632413 C:\WINDOWS\$NtUninstallKB979683$\spuninst
15/04/2010 12:12:16 1085244 C:\WINDOWS\$NtUninstallKB980232$
15/04/2010 12:12:16 629820 C:\WINDOWS\$NtUninstallKB980232$\spuninst
15/04/2010 12:08:30 1059404 C:\WINDOWS\$NtUninstallKB981349$
15/04/2010 12:08:30 629324 C:\WINDOWS\$NtUninstallKB981349$\spuninst
09/04/2010 13:10:36 680057073 C:\WINDOWS\ERDNT
09/04/2010 13:10:36 50842167 C:\WINDOWS\ERDNT\09-04-2010
10/04/2010 06:53:29 467550168 C:\WINDOWS\ERDNT\AutoBackup
10/04/2010 06:53:29 66542440 C:\WINDOWS\ERDNT\AutoBackup\10-04-2010
10/04/2010 06:53:34 15691776 C:\WINDOWS\ERDNT\AutoBackup\10-04-2010\Users
10/04/2010 06:53:34 14671872 C:\WINDOWS\ERDNT\AutoBackup\10-04-2010\Users\00000001
10/04/2010 06:53:35 1019904 C:\WINDOWS\ERDNT\AutoBackup\10-04-2010\Users\00000002
11/04/2010 07:44:40 66644840 C:\WINDOWS\ERDNT\AutoBackup\11-04-2010
11/04/2010 07:44:44 15728640 C:\WINDOWS\ERDNT\AutoBackup\11-04-2010\Users
11/04/2010 07:44:44 14708736 C:\WINDOWS\ERDNT\AutoBackup\11-04-2010\Users\00000001
11/04/2010 07:44:45 1019904 C:\WINDOWS\ERDNT\AutoBackup\11-04-2010\Users\00000002
12/04/2010 12:49:46 66804584 C:\WINDOWS\ERDNT\AutoBackup\12-04-2010
12/04/2010 12:49:50 15831040 C:\WINDOWS\ERDNT\AutoBackup\12-04-2010\Users
12/04/2010 12:49:50 14811136 C:\WINDOWS\ERDNT\AutoBackup\12-04-2010\Users\00000001
12/04/2010 12:49:50 1019904 C:\WINDOWS\ERDNT\AutoBackup\12-04-2010\Users\00000002
13/04/2010 07:25:16 66804584 C:\WINDOWS\ERDNT\AutoBackup\13-04-2010
13/04/2010 07:25:20 15831040 C:\WINDOWS\ERDNT\AutoBackup\13-04-2010\Users
13/04/2010 07:25:20 14811136 C:\WINDOWS\ERDNT\AutoBackup\13-04-2010\Users\00000001
13/04/2010 07:25:21 1019904 C:\WINDOWS\ERDNT\AutoBackup\13-04-2010\Users\00000002
14/04/2010 13:55:39 66804584 C:\WINDOWS\ERDNT\AutoBackup\14-04-2010
14/04/2010 13:55:43 15831040 C:\WINDOWS\ERDNT\AutoBackup\14-04-2010\Users
14/04/2010 13:55:43 14811136 C:\WINDOWS\ERDNT\AutoBackup\14-04-2010\Users\00000001
14/04/2010 13:55:44 1019904 C:\WINDOWS\ERDNT\AutoBackup\14-04-2010\Users\00000002
15/04/2010 11:29:49 66804584 C:\WINDOWS\ERDNT\AutoBackup\15-04-2010
15/04/2010 11:29:56 15831040 C:\WINDOWS\ERDNT\AutoBackup\15-04-2010\Users
15/04/2010 11:29:56 14811136 C:\WINDOWS\ERDNT\AutoBackup\15-04-2010\Users\00000001
15/04/2010 11:29:57 1019904 C:\WINDOWS\ERDNT\AutoBackup\15-04-2010\Users\00000002
16/04/2010 03:38:56 67144552 C:\WINDOWS\ERDNT\AutoBackup\16-04-2010
16/04/2010 03:39:00 15986688 C:\WINDOWS\ERDNT\AutoBackup\16-04-2010\Users
16/04/2010 03:39:00 14966784 C:\WINDOWS\ERDNT\AutoBackup\16-04-2010\Users\00000001
16/04/2010 03:39:01 1019904 C:\WINDOWS\ERDNT\AutoBackup\16-04-2010\Users\00000002
15/04/2010 18:47:41 21552112 C:\WINDOWS\ERDNT\cache
15/04/2010 18:29:28 70028610 C:\WINDOWS\ERDNT\Hiv-backup
15/04/2010 18:34:02 18886656 C:\WINDOWS\ERDNT\Hiv-backup\Users
15/04/2010 18:34:02 1441792 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001
15/04/2010 18:34:02 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002
15/04/2010 18:34:03 1441792 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003
15/04/2010 18:34:03 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004
15/04/2010 18:34:03 14966784 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005
15/04/2010 18:34:03 1019904 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006
15/04/2010 18:40:33 70083906 C:\WINDOWS\ERDNT\subs
15/04/2010 18:40:35 18886656 C:\WINDOWS\ERDNT\subs\Users
15/04/2010 18:40:35 1441792 C:\WINDOWS\ERDNT\subs\Users\00000001
15/04/2010 18:40:35 8192 C:\WINDOWS\ERDNT\subs\Users\00000002
15/04/2010 18:40:35 1441792 C:\WINDOWS\ERDNT\subs\Users\00000003
15/04/2010 18:40:35 8192 C:\WINDOWS\ERDNT\subs\Users\00000004
15/04/2010 18:40:35 14966784 C:\WINDOWS\ERDNT\subs\Users\00000005
15/04/2010 18:40:35 1019904 C:\WINDOWS\ERDNT\subs\Users\00000006
15/04/2010 18:29:33 80412 32 C:\WINDOWS\grep.exe
09/04/2010 15:35:44 1847 32 C:\WINDOWS\ie8_main.log
15/03/2010 02:46:30 8918 32 C:\WINDOWS\KB975561.log
14/04/2010 13:56:45 3429 32 C:\WINDOWS\KB976002-v5.log
15/04/2010 12:06:21 14798 32 C:\WINDOWS\KB977816.log
15/04/2010 12:06:46 15368 32 C:\WINDOWS\KB978338.log
14/04/2010 13:59:04 15700 32 C:\WINDOWS\KB978601.log
24/02/2010 02:56:02 3774 32 C:\WINDOWS\KB979306.log
14/04/2010 13:58:55 14647 32 C:\WINDOWS\KB979309.log
15/04/2010 12:12:33 10050 32 C:\WINDOWS\KB979683.log
31/03/2010 01:19:42 107889 32 C:\WINDOWS\KB980182-IE7.log
15/04/2010 12:12:11 8594 32 C:\WINDOWS\KB980232.log
15/04/2010 12:06:49 15440 32 C:\WINDOWS\KB981349.log
15/04/2010 18:29:33 77312 32 C:\WINDOWS\MBR.exe
15/04/2010 18:29:33 31232 32 C:\WINDOWS\NIRCMD.exe
15/04/2010 18:29:33 261632 32 C:\WINDOWS\PEV.exe
15/04/2010 18:29:33 98816 32 C:\WINDOWS\sed.exe
09/04/2010 06:09:50 12 32 C:\WINDOWS\srun.log
15/04/2010 18:29:33 161792 32 C:\WINDOWS\SWREG.exe
15/04/2010 18:29:33 136704 32 C:\WINDOWS\SWSC.exe
15/04/2010 18:29:33 212480 32 C:\WINDOWS\SWXCACLS.exe
15/04/2010 18:29:33 68096 32 C:\WINDOWS\zip.exe
19/02/2010 21:27:36 720384 32 C:\WINDOWS\system32\DivX.dll
02/03/2010 20:16:04 353592 32 C:\WINDOWS\system32\DivXControlPanelApplet.cpl
19/02/2010 21:27:16 856064 32 C:\WINDOWS\system32\divx_xx07.dll
19/02/2010 21:27:16 847872 32 C:\WINDOWS\system32\divx_xx0a.dll
19/02/2010 21:27:16 856064 32 C:\WINDOWS\system32\divx_xx0c.dll
19/02/2010 21:27:16 839680 32 C:\WINDOWS\system32\divx_xx11.dll
19/02/2010 21:27:16 843776 32 C:\WINDOWS\system32\divx_xx16.dll
08/03/2010 19:59:18 94208 32 C:\WINDOWS\system32\dpl100.dll
30/03/2010 07:05:30 26176 34 C:\WINDOWS\system32\hamachi.sys
23/02/2010 12:56:41 45 32 C:\WINDOWS\system32\initdebug.nfo

====== "\Administrator & All Users\Startup" Last 60 Days======




====== "\Program Files" Last 60 Days======

10/04/2010 18:25:04 94652818 C:\Program Files\Avira
30/03/2010 20:53:25 7444758 C:\Program Files\DivX
04/04/2010 19:33:32 3044040 C:\Program Files\LogMeIn Hamachi
23/02/2010 12:56:42 5139717 C:\Program Files\SpeedFan

======"Drivers" Modified Last 60 Days======

10/04/2010 18:25:04 124784 32 C:\WINDOWS\system32\drivers\avipbb.sys
18/10/2005 01:51:07 455680 32 C:\WINDOWS\system32\drivers\mrxsmb.sys
16/11/2007 18:48:36 138544 32 C:\WINDOWS\system32\drivers\PnkBstrK.sys

====== Files Deleted under "%Temp%" ======

5 Files deleted

======"All Users\Application Data" Last 60 Days======

10/04/2010 18:25:04 116352080 C:\Documents and Settings\All Users\Application Data\Avira
10/04/2010 18:25:04 116352080 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop
10/04/2010 18:25:04 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP
10/04/2010 18:25:04 5062 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG
10/04/2010 18:25:04 49152 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB
10/04/2010 18:25:04 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTS
10/04/2010 18:25:04 56 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\IDX
10/04/2010 18:25:04 17019302 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
10/04/2010 18:25:04 5568 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\JOBS
10/04/2010 18:25:04 670578 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\LOGFILES
10/04/2010 18:25:04 2522 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES
10/04/2010 18:25:04 40130 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\REPORTS
10/04/2010 18:25:04 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\SYSSAFE
10/04/2010 18:25:04 98559405 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP
15/04/2010 12:08:40 3628 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVCONFIG_4bc6e5a8
15/04/2010 12:08:40 3628 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVCONFIG_4bc6e5a8\inifiles
16/04/2010 16:17:55 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4c031672
15/04/2010 13:47:01 67109350 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100415-134701-4E283C71
10/04/2010 18:25:04 0 C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\UPDATE
30/03/2010 20:53:03 3020186 C:\Documents and Settings\All Users\Application Data\DivX
03/04/2010 22:42:33 56969 C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder
03/04/2010 22:42:47 57409 C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel
30/03/2010 20:54:54 362991 C:\Documents and Settings\All Users\Application Data\DivX\DivX7
30/03/2010 20:54:54 120997 C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Codec
30/03/2010 20:54:57 120997 C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Player
30/03/2010 20:54:58 120997 C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player
03/04/2010 22:42:52 56458 C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut
03/04/2010 22:42:55 56766 C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts
03/04/2010 22:42:51 54174 C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder
03/04/2010 22:42:53 57532 C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder
03/04/2010 22:42:54 54166 C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder
03/04/2010 22:42:54 57054 C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents
03/04/2010 22:42:46 52963 C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist
03/04/2010 22:42:37 54073 C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5
30/03/2010 20:53:03 2046031 C:\Documents and Settings\All Users\Application Data\DivX\Setup
03/04/2010 22:41:54 73637 C:\Documents and Settings\All Users\Application Data\DivX\Setup\DefaultBanner
03/04/2010 22:41:56 21000 C:\Documents and Settings\All Users\Application Data\DivX\Setup\EULAs
03/04/2010 22:41:56 21000 C:\Documents and Settings\All Users\Application Data\DivX\Setup\EULAs\consumer
03/04/2010 22:42:54 53600 C:\Documents and Settings\All Users\Application Data\DivX\Update
03/03/2010 19:39:43 34 C:\Documents and Settings\All Users\Application Data\PassMark
03/03/2010 19:39:43 34 C:\Documents and Settings\All Users\Application Data\PassMark\KeyboardTest
14/03/2010 16:36:26 96 C:\Documents and Settings\All Users\Application Data\Real
14/03/2010 16:36:26 96 C:\Documents and Settings\All Users\Application Data\Real\setup
10/04/2010 06:54:11 18100 38 C:\Documents and Settings\All Users\Application Data\1ND8Ib1

====== HKLM\~\ShellServiceObjectDelayLoad======

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll


====== HKLM\~\SharedTaskScheduler======

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\Steam

====== Services ( Services that are Whitelisted are not shown) ======

AmdAcpi (AmdAcpi Bus Filter Driver)- C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys - Boot/Stopped
amdtools (AMD Special Tools Driver)- C:\WINDOWS\system32\DRIVERS\amdtools.sys - System/Stopped
AsIO (AsIO)- C:\WINDOWS\system32\drivers\AsIO.sys - System/Running
AtcL001 (NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller)- C:\WINDOWS\system32\DRIVERS\atl01_xp.sys - Manual/Running
avipbb (avipbb)- C:\WINDOWS\system32\DRIVERS\avipbb.sys - System/Running
gmkop (gmkop)- - Boot/Stopped
LHidFilt (Logitech SetPoint KMDF HID Filter Driver)- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys - Manual/Running
LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver)- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys - Manual/Running
mbmiodrvr (mbmiodrvr)- \??\C:\WINDOWS\system32\mbmiodrvr.sys - System/Running
MTsensor (ATK0110 ACPI UTILITY)- C:\WINDOWS\system32\DRIVERS\ASACPI.sys - Manual/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
nvmpu401 (Service for NVIDIA(R) nForce(TM) MIDI UART)- C:\WINDOWS\system32\drivers\nvmpu401.sys - Manual/Stopped
PnkBstrK (PnkBstrK)- \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys - Manual/Stopped
prodrv06 (StarForce Protection Environment Driver v6)- C:\WINDOWS\system32\drivers\prodrv06.sys - System/Stopped
prohlp02 (StarForce Protection Helper Driver v2)- C:\WINDOWS\system32\drivers\prohlp02.sys - Boot/Running
sfhlp01 (StarForce Protection Helper Driver)- C:\WINDOWS\system32\drivers\sfhlp01.sys - Boot/Running
Si3114r5 (Si3114r5)- C:\WINDOWS\system32\drivers\Si3114r5.sys - Boot/Stopped
SilverLink (Texas Instruments SilverLink (USB GraphLink) Cable)- C:\WINDOWS\system32\Drivers\SilvrLnk.sys - Manual/Stopped
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
SNPSTD3 (USB PC Camera (SNPSTD3))- C:\WINDOWS\system32\DRIVERS\snpstd3.sys - Manual/Stopped
ssmdrv (ssmdrv)- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - System/Running
tap0901t (TAP-Win32 Adapter V9 (Tunngle))- C:\WINDOWS\system32\DRIVERS\tap0901t.sys - Manual/Running
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
Wdf01000 (Wdf01000)- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys - Manual/Running

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 2146 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

OS Type: Microsoft Windows XP Home Edition
Build: 5.1.2600
Service Pack: 3.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

info.txt logfile of random's system information tool 1.06 2010-04-16 23:09:03

======Uninstall list======

-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe /PLUGIN
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}\setup.exe" -l0x9 -removeonly
AC3Filter (remove only)-->D:\Program Files\Windows Media Player\AC3filter Codec\AC3Filter\uninstall.exe
AccessDiver v4.402-->"D:\Program Files\hax\Accessdiver\unins000.exe"
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AutoCAD 2008 - English-->D:\Program Files\Autodesk AutoCAD\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AutoHotkey 1.0.48.05-->D:\Program Files\AutoHotkey\uninst.exe
AV Voice Changer Software DIAMOND 6.0-->D:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE D:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
AVG 8.5-->D:\Program Files\AVG\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 5-->MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
C-Free 3.5-->D:\PROGRA~1\C-FREE~1.5\UNWISE.EXE D:\PROGRA~1\C-FREE~1.5\INSTALL.LOG
Chains-->"D:\games\Steam\steam.exe" steam://uninstall/11360
Counter-Strike 1.6-->D:\games\cs 1.6\Uninstal.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DD Poker 3 -->D:\Program Files\poker things\ddpoker3\uninstall.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"D:\Dev-Cpp\uninstall.exe"
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dyson v1.20-->"D:\games\JIG\Dyson\unins000.exe"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
er100LT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ERUNT 1.1j-->"D:\Program Files\ERUNT\unins000.exe"
FaJo XP File Security Extension v1.2-->"C:\Program Files\FaJo\XP File Security Extension\unins000.exe"
FastSum 1.5 Standard Edition and FastSum 1.9 Command-Line Editi-->"D:\Program Files\Checksum\FastSum\unins000.exe"
FileZilla Client 3.0.6-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Frets On Fire-->"D:\games\Frets on Fire\Uninstall.exe"
Gmask 1.70 English-->D:\Program Files\GMask\uninstal.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GPL Ghostscript 8.64-->d:\program files\gs\uninstgs.exe "d:\program files\gs\gs8.64\uninstal.txt"
GSpot Codec Information Appliance-->D:\Program Files\GSpot\Uninstall.exe
GSview 4.9-->d:\program files\Ghostgum\gsview\uninstgs.exe "d:\program files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.8.18-1 runtime environment-->"D:\Program Files\GIMP\GTK\2.0\unins000.exe"
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Digital Photo Advisor-->MsiExec.exe /X{A157DF9D-462F-4BF9-8C5E-3854BC9CC08F}
HP Image Zone 4.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HTMLPad 2007 Pro v8.0-->"D:\Program Files\HTMLPad 2007\unins000.exe"
ImgBurn (Remove Only)-->"D:\Program Files\Imgburn\uninstall.exe"
Inkscape 0.45.1-->"C:\Program Files\Inkscape\uninst.exe"
Interactive User’s Guide-->MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) SE Development Kit 6 Update 12-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160120}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KeyboardTest V3.0-->"J:\things\KeyboardTest\unins000.exe"
LEGO Rock Raiders-->C:\WINDOWS\IsUninst.exe -f"d:\games\Lego Rock Raiders\Uninst.isu"
Liquid War 5.6.4-->"D:\games\Liquid War\uninstall.exe"
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint 5.00-->MsiExec.exe /I{D3120436-1358-4253-9EB2-257FFE8CE1D9}
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
MadOnion.com/3DMark2001 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91B323B5-A79C-4D23-BD6D-046C565F9BCF}\Setup.exe" -l0x9 uninstall -uninst
Magic ISO Maker v5.5 (build 0272)-->D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Halo-->"D:\games\Halo 1\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
Mirror's Edge Pure Time Trials-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9FF6943-D487-4C97-AF8D-DF0A46E692BF}\setup.exe" -l0x9 -removeonly
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OF Dragon Rising-->"C:\Program Files\InstallShield Installation Information\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}\setup.exe" -runfromtemp -l0x0009 -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.3-->MsiExec.exe /I{54C93A8C-A15A-4439-BE64-2342202D4FF0}
Opera 10.01-->MsiExec.exe /X{12F9942A-E85D-44A6-B054-0B3BC9009625}
Pacific Poker-->D:\PROGRA~1\PACIFI~1\UNWISE.EXE D:\PROGRA~1\PACIFI~1\INSTALL.LOG
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
Peggle Deluxe Demo-->"D:\games\Steam\steam.exe" steam://uninstall/3482
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PSPad editor-->"C:\Program Files\PSPad\unins000.exe"
PSTRUH ActiveX RegEdit-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\pRegEdt.inf, DefaultUninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
Quake Live Mozilla Plugin-->MsiExec.exe /I{DE08F927-6261-4A43-8D50-FCFDB3EFAC6D}
QuickTime Alternative 2.2.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Red Faction Guerrilla-->"C:\Program Files\InstallShield Installation Information\{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}\setup.exe" -runfromtemp -l0x0409 -removeonly
Red Faction Guerrilla-->MsiExec.exe /I{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}
RM Converter 4.28-->"J:\things\RM Converter\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 Series (KB969878)-->"C:\WINDOWS\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serious Sam 2-->D:\games\Serious Sam 2\Bin\Uninstall.exe
Serious Sam HD The First Encounter-->"J:\things\Serious Sam HD The First Encounter\unins000.exe"
Sid Meier's Alpha Centauri-->C:\WINDOWS\IsUninst.exe -f"d:\games\sid meier's alpha centauri - alien crossfire\Uninst.isu"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"D:\games\StepMania\uninstall.exe"
Swarm Racer 2.11-->D:\games\Swarm Racer\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
Team Fortress 2-->"D:\games\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"D:\Program Files\TeamSpeak\unins000.exe"
Texas Calculatem 4 with "AutoRead"-->"D:\Program Files\TexasCalculatem\unins000.exe"
The Core Media Player 4.0-->"C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
The GIMP 2.2.13-->"D:\Program Files\GIMP\GIMP-2.0\unins000.exe"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Trine-->"D:\games\Trine\unins000.exe"
Tunngle beta-->"D:\Program Files\Tunngle\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unreal Tournament 2004-->D:\games\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB PC Camera-168-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.8a-->D:\Program Files\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\VobSub\uninstall.exe"
WebSlayer-Beta-->MsiExec.exe /I{B0E6C4FC-F27C-40BD-B934-E7CF55857D9C}
Wik & The Fable of Souls-->"D:\games\Wik And The Fable Of Souls\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xfire (remove only)-->"D:\Program Files\Xfire\uninst.exe"
Xpand Rally-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{252436F1-9583-4AD7-AA11-619AFFB96543} /Z"UNINSTALL"
Yawcam v0.3.0-->"D:\Program Files\Yawcam\unins000.exe"
Zattoo 3.3.4 Beta-->D:\Program Files\Zattoo\uninst.exe
Zero Gear Demo-->"D:\games\Steam\steam.exe" steam://uninstall/18800
Zombie Bowl-O-Rama Demo-->"D:\games\Steam\steam.exe" steam://uninstall/32162

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: AVG Anti-Virus
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: AntiVir Desktop
AV: Avira AntiVir PersonalEdition Classic

======System event log======

Computer Name: BD14510B753F4C2
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 59695
Source Name: DCOM
Time Written: 20100409064702.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BD14510B753F4C2
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AFD
AsIO
AvgLdx86
AvgMfx86
AvgTdiX
Fips
intelppm
IPSec
mbmiodrvr
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
Tcpip
WS2IFSL

Record Number: 59694
Source Name: Service Control Manager
Time Written: 20100409064524.000000+120
Event Type: error
User:

Computer Name: BD14510B753F4C2
Event Code: 7001
Message: The TunngleService service depends on the DHCP Client service which failed to start because of the following error:
The dependency service or group failed to start.


Record Number: 59693
Source Name: Service Control Manager
Time Written: 20100409064524.000000+120
Event Type: error
User:

Computer Name: BD14510B753F4C2
Event Code: 7001
Message: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 59692
Source Name: Service Control Manager
Time Written: 20100409064524.000000+120
Event Type: error
User:

Computer Name: BD14510B753F4C2
Event Code: 7001
Message: The Bonjour-Dienst service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 59691
Source Name: Service Control Manager
Time Written: 20100409064524.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: BD14510B753F4C2
Event Code: 12001
Message:
Record Number: 15108
Source Name: usnjsvc
Time Written: 20090721182339.000000+120
Event Type:
User:

Computer Name: BD14510B753F4C2
Event Code: 12001
Message:
Record Number: 15081
Source Name: usnjsvc
Time Written: 20090720154530.000000+120
Event Type:
User:

Computer Name: BD14510B753F4C2
Event Code: 12001
Message:
Record Number: 15069
Source Name: usnjsvc
Time Written: 20090719160525.000000+120
Event Type:
User:

Computer Name: BD14510B753F4C2
Event Code: 1517
Message: Windows saved user BD14510B753F4C2\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15063
Source Name: Userenv
Time Written: 20090719031038.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BD14510B753F4C2
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 15062
Source Name: Userenv
Time Written: 20090719031030.000000+120
Event Type: warning
User: BD14510B753F4C2\Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;D:\Program Files\Checksum\FastSum;D:\Program Files\GIMP\GTK\2.0\bin;C:\Program Files\QuickTime Alternative\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANG"=C
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

W4yneb0t
2010-04-17, 00:18
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-04-16 23:08:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (28%) free of 30 GB
Total RAM: 2047 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:02, on 16/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\avgwdsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\avgam.exe
D:\PROGRA~1\AVG\avgrsx.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\avgnsx.exe
D:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
D:\Program Files\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149291490093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Prime95 Service - Unknown owner - D:\games\prime\PRIME95.EXE (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - D:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8755 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-29 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\games\Steam\Steam.exe [2009-11-11 1217808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SetPointII.lnk - D:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\AVG\avgam.exe"="D:\Program Files\AVG\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\avgupd.exe"="D:\Program Files\AVG\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\avgnsx.exe"="D:\Program Files\AVG\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\games\TmNationsForever\TmForever.exe"="D:\games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\Zattoo\zattood.exe"="D:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood"
"D:\Program Files\Zattoo\Zattoo2.exe"="D:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: "
"D:\games\Call of Duty 4\iw3mp.exe"="D:\games\Call of Duty 4\iw3mp.exe:*:Enabled:iw3mp"
"D:\games\Demigod\bin\Demigod.exe"="D:\games\Demigod\bin\Demigod.exe:*:Enabled:Demigod Application"
"D:\games\GHIII\GH3.exe"="D:\games\GHIII\GH3.exe:*:Enabled:Guitar Hero III"
"D:\games\Curve\IPCurve\ipcurve.exe"="D:\games\Curve\IPCurve\ipcurve.exe:*:Enabled:ipcurve"
"D:\games\Toblo\Toblo 1.2.exe"="D:\games\Toblo\Toblo 1.2.exe:*:Enabled:Toblo 1.2"
"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher"
"D:\games\cs 1.6\hl.exe"="D:\games\cs 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\games\Steam\steamapps\blame_the_lag\counter-strike source\hl2.exe"="D:\games\Steam\steamapps\blame_the_lag\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\games\Vegas 2\Binaries\R6Vegas2_Game.exe"="D:\games\Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"J:\things\NFS Shift\shift.exe"="J:\things\NFS Shift\shift.exe:*:Enabled:Need for Speed™ SHIFT"
"J:\things\Killing Floor ReVOLVeR\KillingFloor\System\KillingFloor.exe"="J:\things\Killing Floor ReVOLVeR\KillingFloor\System\KillingFloor.exe:*:Enabled:KillingFloor"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"J:\things\Operation Flashpoint Dragon Rising\OFDR.exe"="J:\things\Operation Flashpoint Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"
"C:\Program Files\seamonkey\seamonkey.exe"="C:\Program Files\seamonkey\seamonkey.exe:*:Enabled:SeaMonkey"
"J:\things\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="J:\things\Borderlands\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"J:\things\cod unpack\iw4mp.exe"="J:\things\cod unpack\iw4mp.exe:*:Enabled:iw4mp"
"J:\things\Serious Sam HD The First Encounter\Bin\SamHD.exe"="J:\things\Serious Sam HD The First Encounter\Bin\SamHD.exe:*:Enabled:Serious Sam HD: The First Encounter"
"D:\Program Files\Tunngle\TnglCtrl.exe"="D:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service"
"D:\Program Files\Tunngle\Tunngle.exe"="D:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client"
"D:\games\Steam\steamapps\common\zero gear\Server\iw4mp.exe"="D:\games\Steam\steamapps\common\zero gear\Server\iw4mp.exe:*:Enabled:iw4mp"
"D:\games\Steam\steam.exe"="D:\games\Steam\steam.exe:*:Enabled:Steam"
"D:\Program Files\Zattoo\Zattoo.exe"="D:\Program Files\Zattoo\Zattoo.exe:*:Enabled: "
"D:\games\Steam\steamapps\common\peggle deluxe\Peggle.exe"="D:\games\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe Demo"
"D:\games\Steam\steamapps\common\zero gear\ZeroGear.bat"="D:\games\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear Demo"
"J:\things\Red Faction Guerrilla\rfg.exe"="J:\things\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla"
"D:\Program Files\poker things\ddpoker3\ddpoker.exe"="D:\Program Files\poker things\ddpoker3\ddpoker.exe:*:Enabled:http://www.ddpoker.com/"
"D:\games\UT2004\System\UT2004.exe"="D:\games\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2010-04-16 23:08:43 ----D---- C:\rsit
2010-04-16 23:02:51 ----A---- C:\Files.txt
2010-04-16 16:23:15 ----A---- C:\TDSSKiller.2.2.8.1_16.04.2010_16.23.15_log.txt
2010-04-16 16:13:18 ----D---- C:\_OTM
2010-04-15 19:49:25 ----SHD---- C:\RECYCLER
2010-04-15 18:49:05 ----A---- C:\ComboFix.txt
2010-04-15 18:29:33 ----A---- C:\WINDOWS\zip.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\SWSC.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\SWREG.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\sed.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\PEV.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\MBR.exe
2010-04-15 18:29:33 ----A---- C:\WINDOWS\grep.exe
2010-04-15 18:25:32 ----AD---- C:\Qoobox
2010-04-15 12:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-15 12:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-15 12:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-15 12:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-15 12:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-15 11:30:45 ----A---- C:\report.txt
2010-04-15 01:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 01:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 21:16:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-04-10 18:36:02 ----D---- C:\Documents and Settings\Owner\Application Data\Avira
2010-04-10 18:25:04 ----D---- C:\Program Files\Avira
2010-04-10 18:25:04 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-04-09 19:55:26 ----D---- C:\VundoFix Backups
2010-04-09 19:55:26 ----A---- C:\VundoFix.txt
2010-04-09 13:10:36 ----D---- C:\WINDOWS\ERDNT
2010-04-04 19:33:32 ----D---- C:\Program Files\LogMeIn Hamachi
2010-04-03 22:42:33 ----D---- C:\Program Files\Common Files\DivX Shared
2010-03-30 20:53:25 ----D---- C:\Program Files\DivX
2010-03-30 20:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-03-17 00:34:09 ----A---- C:\Documents and Settings\Owner\Application Data\docXConverter (3).ini

======List of files/folders modified in the last 1 months======

2010-04-16 23:08:01 ----D---- C:\WINDOWS\Temp
2010-04-16 22:44:13 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-04-16 16:23:16 ----D---- C:\WINDOWS\system32\drivers
2010-04-16 16:18:35 ----D---- C:\WINDOWS
2010-04-16 16:18:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-16 16:16:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-16 16:16:04 ----D---- C:\WINDOWS\system32
2010-04-16 16:13:20 ----D---- C:\Program Files\Common Files
2010-04-16 03:30:11 ----SHD---- C:\WINDOWS\Installer
2010-04-16 03:30:10 ----D---- C:\Config.Msi
2010-04-15 23:46:25 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-04-15 23:11:41 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-04-15 18:42:57 ----D---- C:\WINDOWS\Prefetch
2010-04-15 18:42:31 ----A---- C:\WINDOWS\system.ini
2010-04-15 18:40:42 ----D---- C:\WINDOWS\system32\config
2010-04-15 18:40:04 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2010-04-15 18:38:48 ----D---- C:\WINDOWS\AppPatch
2010-04-15 15:44:59 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-15 13:47:06 ----D---- C:\WINDOWS\Registration
2010-04-15 12:31:51 ----HD---- C:\WINDOWS\inf
2010-04-15 12:13:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 12:12:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-15 12:12:26 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 15:50:42 ----D---- C:\Temp
2010-04-12 12:49:40 ----RD---- C:\Program Files
2010-04-12 12:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-04-12 01:07:40 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2010-04-11 21:25:27 ----D---- C:\Program Files\Common Files\Adobe
2010-04-11 21:16:37 ----D---- C:\Program Files\Adobe
2010-04-11 17:16:08 ----A---- C:\RTHDCPL_Dump.txt
2010-04-10 19:41:27 ----D---- C:\Program Files\Internet Explorer
2010-04-10 18:49:26 ----D---- C:\WINDOWS\repair
2010-04-10 18:23:30 ----D---- C:\WINDOWS\WinSxS
2010-04-10 17:48:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-10 10:58:40 ----D---- C:\$AVG8.VAULT$
2010-04-10 08:29:06 ----A---- C:\WINDOWS\WININIT.INI
2010-04-09 19:54:04 ----RSH---- C:\boot.ini
2010-04-09 19:54:04 ----A---- C:\WINDOWS\win.ini
2010-04-09 09:07:41 ----SD---- C:\WINDOWS\Tasks
2010-04-09 08:54:19 ----D---- C:\WINDOWS\system
2010-04-09 05:34:51 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2010-04-08 05:37:33 ----D---- C:\Program Files\Common Files\BioWare
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-04 19:16:00 ----D---- C:\Documents and Settings\Owner\Application Data\Hamachi
2010-04-03 16:04:32 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 09:01:50 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-31 01:52:45 ----D---- C:\WINDOWS\system32\en-US
2010-03-28 15:21:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-22 18:24:25 ----D---- C:\Documents and Settings\Owner\Application Data\.minecraft
2010-03-20 21:24:35 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-22 5685]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-20 4637696]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-17 51729]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-07-17 34960]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-07-17 36240]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
S1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nvmpu401;Service for NVIDIA(R) nForce(TM) MIDI UART; C:\WINDOWS\system32\drivers\nvmpu401.sys [2004-10-22 10240]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-24 10252672]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG8 WatchDog; D:\PROGRA~1\AVG\avgwdsvc.exe [2009-07-31 297752]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-14 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-04-15 215160]
R2 TunngleService;TunngleService; D:\Program Files\Tunngle\TnglCtrl.exe [2009-12-19 682232]
S2 Prime95 Service;Prime95 Service; D:\games\prime\PRIME95.EXE []
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Ad-Aware 2007\aawservice.exe [2008-03-06 587096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-01 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 JCFV;Security Service; C:\WINDOWS\system32\svcd\svchost.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

ken545
2010-04-17, 03:45
I would sure like to see GMER. Let's try running it again; be sure to disable your anti virus program and the TeaTimer in Spybot. Then we're going to disable your CD drivers that may interfere. Here are new instructions: just drag GMER to the trash and start over.

Disable the TeaTimer and leave it disabled; do not turn it back on until we're done or it will prevent fixes from taking.

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect
Disable Anti Virus
Link (http://www.bleepingcomputer.com/forums/topic114351.html)
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next:

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

W4yneb0t
2010-04-18, 15:31
It worked after a few tries, here's the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-18 13:27:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgqiyfoc.sys


---- System - GMER 1.0.15 ----

SSDT BAFAB186 ZwCreateKey
SSDT BAFAB17C ZwCreateThread
SSDT BAFAB18B ZwDeleteKey
SSDT BAFAB195 ZwDeleteValueKey
SSDT BAFAB19A ZwLoadKey
SSDT BAFAB168 ZwOpenProcess
SSDT BAFAB16D ZwOpenThread
SSDT BAFAB1A4 ZwReplaceKey
SSDT BAFAB19F ZwRestoreKey
SSDT BAFAB190 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9691360, 0x372FAD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Tunngle\TnglCtrl.exe[1740] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [90]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\prohlp02 \Device\ProHlp02 E1B19E78

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC105A1-FD17-E8F1-B9C0-892ED0053BD3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC105A1-FD17-E8F1-B9C0-892ED0053BD3}@laakoamoolnkijhkmgoahhee 0x64 0x62 0x69 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FAC105A1-FD17-E8F1-B9C0-892ED0053BD3}@laogfanikkcgpklfjcapajda 0x64 0x62 0x69 0x70 ...

---- EOF - GMER 1.0.15 ----

ken545
2010-04-18, 17:29
Looks OK, how are things running now?

W4yneb0t
2010-04-21, 10:13
Looks fine to me, do you think the virus is gone?

ken545
2010-04-21, 11:37
It appears to be. When you ran GMER, did you make sure there was a checkmark in the SECTIONS TAB?

Why don't you use your computer for a few days and then post back and let me know how it's running. If you're still having issues, then run GMER in Safe Mode and make sure the SECTIONS TAB is checked.

To enter Safe Mode:

Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 KEY somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll to Safe Mode,
then press the Enter Key on your keyboard.

Tutorial if you need it: How to boot into Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

ken545
2010-05-04, 14:36
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.