Help!

[lefty182]

http://pastebin.com/Kz0mnSMi

Recently (starting around this week), my computer has started having lag in spikes. Around every minute or so services.exe'll suddenly go to 100%, freeze for 5-10 seconds, and then go back to normal. Help would be much appreciated.

[Jintan]

Welcome to HijackThis.de lefty182,

You will need to post any log files here, in the forum thread. Since we will need additional info, do the following steps, being sure to post the logs here in your request thread.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

[lefty182]

Alright, here are the scan logs:

log.txt - http://pastebin.com/LwqyHEys

info.txt - http://pastebin.com/D7WbeXsk

For some reason, the first gmer scan won't work no matter what I do. In safe mode, or normal mode, my computer crashes.

The second mbr scan works fine, though, and it's here - http://pastebin.com/DvuMfPNJ

[Jintan]

If you check some of the other request threads in this forum lefty182, you will see how they posted the log results in the thread. Need to post them here, in your thread, for review.

[lefty182]

Alright, here we go... (Just making sure you saw, but like I said in my last post, I can't do the 3rd scan or my computer crashes)

Logfile of random's system information tool 1.08 (written by random/random)
Run by TempLol at 2010-08-27 20:14:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (10%) free of 148 GB
Total RAM: 1022 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:14:46 PM, on 8/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Livestream Procaster\Procaster.exe
C:\Documents and Settings\TempLol\My Documents\Downloads\RSIT.exe
C:\Documents and Settings\TempLol\My Documents\Applications\Cleaner\TempLol.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: IntelR Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 5733 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Driver Robot.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-08-25 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-06-17 139264]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-09-15 57344]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.E XE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.E XE [2004-08-03 455168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-23 339968]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG .EXE [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"SetDefaultMIDI"=MIDIDef.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-08-25 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dyyno Launcher]
C:\Documents and Settings\TempLol\Local Settings\Application Data\Dyyno Viewer\dyyno_launcher.exe [2010-03-12 2418016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
C:\Program Files\Livestream Procaster\Procaster.exe [2010-04-08 6690080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PlugPlay"=2

C:\Documents and Settings\TempLol\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-21 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-08-25 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Roya le.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=1
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda ccess\parameters\firewallpolicy\standardprofile\authorizedap plications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.e xe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1144014149\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144014149\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\rift333\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\rift333\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\rift333\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\rift333\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\rift333\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\rift333\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin"="C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"C:\Program Files\Nexuiz\nexuiz-dedicated.exe"="C:\Program Files\Nexuiz\nexuiz-dedicated.exe:*:Enabled:Nexuiz"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:E nabled:<ijji Downloader>"
"C:\Program Files\Warcraft III\war3.exe"="C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft 3"
"C:\Documents and Settings\Jason\My Documents\Applications\wc3\Hax\listchecker\pickup.listchecke r.exe"="C:\Documents and Settings\Jason\My Documents\Applications\wc3\Hax\listchecker\pickup.listchecke r.exe:*:Enabledickup.listchecker"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Tortun\gui.exe"="C:\Program Files\Tortun\gui.exe:*:Enabled:gui"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Documents and Settings\Jason\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Jason\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Documents and Settings\Jason\Local Settings\Temp\Blizzard Launcher Temporary - 0f143ac0\Launcher.exe"="C:\Documents and Settings\Jason\Local Settings\Temp\Blizzard Launcher Temporary - 0f143ac0\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Jason\Local Settings\Temp\Blizzard Launcher Temporary - 0da67dd8\Launcher.exe"="C:\Documents and Settings\Jason\Local Settings\Temp\Blizzard Launcher Temporary - 0da67dd8\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft Public Test\Launcher.exe"="C:\Program Files\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"="C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2"
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"="C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"C:\Program Files\Xfire\dppm_source.exe"="C:\Program Files\Xfire\dppm_source.exe:*:Enabledyyno P2P Source Application"
"C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Jason\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\D ocuments and Settings\Jason\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player"
"C:\Documents and Settings\Jason\Desktop\lc\pickup.listchecker.exe"="C:\Docume nts and Settings\Jason\Desktop\lc\pickup.listchecker.exe:*:Enabledickup.listchecker"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Heroes of Newerth\hon.exe"="C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:hon"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe"="C:\Program Files\Dyyno\Dyyno Broadcaster\dgcsrv.exe:*:Enabledyyno Broadcaster"
"C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe"="C:\Program Files\Dyyno\Dyyno Broadcaster\dppm_source.exe:*:Enabledyyno Broadcaster"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Steam\steamapps\themaetrellik\synergy dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\themaetrellik\synergy dedicated server\srcds.exe:*:Enabled:Synergy Dedicated Server"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewe r Remote Control Application"
"C:\Program Files\Scarlet Weather Rhapsody\th105e.exe"="C:\Program Files\Scarlet Weather Rhapsody\th105e.exe:*:Enabled:Scarlet Weather Rhapsody"
"C:\Program Files\Scarlet Weather Rhapsody\th105.exe"="C:\Program Files\Scarlet Weather Rhapsody\th105.exe:*:Enabled:th105"
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shareda ccess\parameters\firewallpolicy\domainprofile\authorizedappl ications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.e xe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-27 20:14:34 ----DC---- C:\rsit
2010-08-26 02:51:34 ----D---- C:\Program Files\Defraggler
2010-08-26 02:25:42 ----D---- C:\Program Files\CCleaner
2010-08-25 18:12:41 ----HDC---- C:\$AVG
2010-08-25 17:58:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-08-25 17:57:58 ----A---- C:\WINDOWS\system32\drivers\avgtdix.sys
2010-08-25 17:57:51 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys
2010-08-25 17:57:49 ----A---- C:\WINDOWS\system32\drivers\avgmfx86.sys
2010-08-25 17:57:40 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-25 17:53:20 ----D---- C:\Program Files\AVG
2010-08-25 17:52:55 ----DC---- C:\Documents and Settings\All Users\Application Data\avg9
2010-08-22 02:40:03 ----DC---- C:\Documents and Settings\TempLol\Application Data\ShanghaiAlice
2010-08-16 11:18:18 ----DC---- C:\Documents and Settings\All Users\Application Data\PopCap Games
2010-08-13 03:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 03:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 03:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 03:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 03:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 03:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 03:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 19:20:02 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-10 19:20:02 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-10 19:20:02 ----A---- C:\WINDOWS\system32\java.exe
2010-08-10 06:31:16 ----DC---- C:\Documents and Settings\TempLol\Application Data\Ponscripter
2010-08-10 05:53:22 ----DC---- C:\Documents and Settings\All Users\Application Data\Narcissu Side 2nd
2010-08-10 05:51:58 ----D---- C:\Program Files\Narcissu 2
2010-08-06 16:54:08 ----DC---- C:\Documents and Settings\TempLol\Application Data\.minecraft
2010-08-03 02:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-31 00:25:38 ----DC---- C:\Documents and Settings\TempLol\Application Data\dvdcss
2010-07-29 20:19:43 ----D---- C:\Program Files\PFPortChecker
2010-07-29 19:27:45 ----DC---- C:\Documents and Settings\TempLol\Application Data\TeamViewer
2010-07-29 19:27:21 ----D---- C:\Program Files\TeamViewer
2010-07-28 07:37:15 ----D---- C:\Program Files\Starcraft 2

======List of files/folders modified in the last 1 months======

2010-08-27 20:14:40 ----D---- C:\WINDOWS\Prefetch
2010-08-27 20:10:55 ----D---- C:\Program Files\Common Files\Akamai
2010-08-27 10:36:06 ----RASHC---- C:\boot.ini
2010-08-27 10:36:06 ----AC---- C:\WINDOWS\SYSTEM.INI
2010-08-27 10:36:06 ----A---- C:\WINDOWS\win.ini
2010-08-27 09:31:09 ----D---- C:\WINDOWS\system32\inetsrv
2010-08-27 09:29:37 ----D---- C:\WINDOWS\TEMP
2010-08-27 09:28:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-27 09:25:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-27 08:48:42 ----HD---- C:\WINDOWS\inf
2010-08-26 15:34:56 ----D---- C:\WINDOWS
2010-08-26 15:12:47 ----D---- C:\WINDOWS\Minidump
2010-08-26 02:59:01 ----D---- C:\WINDOWS\system32\drivers
2010-08-26 02:51:34 ----D---- C:\Program Files
2010-08-26 02:25:42 ----DC---- C:\Documents and Settings\TempLol\Application Data\Xfire
2010-08-26 01:42:26 ----D---- C:\WINDOWS\system32\config
2010-08-26 01:13:12 ----D---- C:\WINDOWS\Debug
2010-08-26 00:50:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-25 22:24:07 ----D---- C:\WINDOWS\system32
2010-08-25 18:12:43 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-08-25 17:52:48 ----SHD---- C:\WINDOWS\Installer
2010-08-25 17:52:06 ----SHDC---- C:\Config.Msi
2010-08-25 17:45:26 ----D---- C:\WINDOWS\WinSxS
2010-08-24 17:13:55 ----D---- C:\Program Files\Warcraft III
2010-08-24 15:59:58 ----D---- C:\Program Files\Garena
2010-08-22 18:26:18 ----D---- C:\Program Files\Heroes of Newerth
2010-08-22 18:25:14 ----D---- C:\WINDOWS\system32\DirectX
2010-08-21 23:04:02 ----DC---- C:\Documents and Settings\TempLol\Application Data\Skype
2010-08-21 17:16:35 ----DC---- C:\Documents and Settings\TempLol\Application Data\skypePM
2010-08-19 00:35:21 ----DC---- C:\Documents and Settings\TempLol\Application Data\uTorrent
2010-08-16 11:15:15 ----D---- C:\Program Files\Steam
2010-08-13 11:58:00 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-13 11:57:53 ----RSD---- C:\WINDOWS\assembly
2010-08-13 03:24:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-13 03:24:49 ----D---- C:\WINDOWS\system32\en-us
2010-08-13 03:24:48 ----D---- C:\Program Files\Internet Explorer
2010-08-13 03:24:41 ----D---- C:\WINDOWS\ie7updates
2010-08-13 03:23:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 03:20:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-13 03:06:02 ----D---- C:\Program Files\Movie Maker
2010-08-10 19:20:41 ----D---- C:\Program Files\Common Files\Java
2010-08-10 19:19:54 ----D---- C:\Program Files\Java
2010-08-03 14:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 12:24:39 ----RD---- C:\Program Files\Skype
2010-08-02 03:21:25 ----DC---- C:\Documents and Settings\All Users\Application Data\umineko4final
2010-07-29 21:26:50 ----D---- C:\Program Files\Xfire
2010-07-28 07:37:10 ----D---- C:\Program Files\Rocket Division Software
2010-07-28 07:37:09 ----D---- C:\Program Files\Scarlet Weather Rhapsody

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iastor.sys [2005-06-17 872064]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-05-15 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-08-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-08-25 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-08-25 243024]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 ELhid;ELhid; C:\WINDOWS\System32\DRIVERS\ELhid.sys [2005-12-12 10112]
R1 ELkbd;ELkbd; C:\WINDOWS\System32\DRIVERS\ELkbd.sys [2005-12-12 6912]
R1 ELmon;ELmon; C:\WINDOWS\System32\DRIVERS\ELmon.sys [2005-12-12 7040]
R1 ELmou;ELmou; C:\WINDOWS\System32\DRIVERS\ELmou.sys [2005-12-12 6400]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-10 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarPortLite;StarPort Storage Controller (Lite); C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-07-21 3565056]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-11 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-26 158464]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-08-25 176128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-11 106496]
R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys []
S2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
S2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\zntport.sys []
S3 a9trj327;a9trj327; C:\WINDOWS\system32\drivers\a9trj327.sys []
S3 al25shcs;al25shcs; C:\WINDOWS\system32\drivers\al25shcs.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2005-12-12 7808]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\TempLol\LOCALS~1\Temp\ONQ17.tmp []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-01-20 27776]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-01-20 36608]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-01-20 69376]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\NPF.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter; C:\WINDOWS\system32\DRIVERS\SWLD23U.sys [2003-12-17 82888]
S3 swlubtl;WLAN USB Boot Device; C:\WINDOWS\System32\Drivers\swlubtl.sys [2003-05-02 53690]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 XDva328;XDva328; \??\C:\WINDOWS\system32\XDva328.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-21 602112]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-08-25 308136]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-06-17 86140]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ELService;IntelR Quick Resume Technology Drivers; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe [2005-12-12 180224]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.e xe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFont Cache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-03-19 69632]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-08 654848]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-27 66872]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []





======Uninstall list======

“??u”e‘z“V Ver1.06-->"C:\Program Files\Scarlet Weather Rhapsody\unins000.exe"
-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.ex e -maintain plugin
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup .exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Alien Swarm-->"C:\Program Files\Steam\steam.exe" steam://uninstall/630
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_Run DLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BellSouth Wireless LAN USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\ Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Catalyst Control Center - Branding-->MsiExec.exe /I{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Crimsoness 1.01E-->C:\Program Files\Crimsoness\uninst.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe
Dyyno Broadcaster-->"C:\Program Files\Dyyno\Dyyno Broadcaster\uninstall.exe"
Dyyno Viewer-->MsiExec.exe /I{56C852C6-D5D6-4A91-9712-C154B3FA1D5A}
DyynoPlayer 0.8.6f.2-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ffdshow [rev 3029] [2009-07-10]-->"C:\Program Files\ffdshow\unins000.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Garena 2010-->C:\Program Files\Garena\uninst.exe
GKLauncher-->"C:\Program Files\InstallShield Installation Information\{961346DF-FE43-4392-99FC-47B1F5A882C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
gmax-->MsiExec.exe /X{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Heroes of Newerth-->C:\Program Files\Heroes of Newerth\uninstall.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Instant Death! Panda Samurai 1.2E-->C:\Program Files\Instant Death! Panda Samurai\uninst.exe
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Intel(R) Quick Resume Technology Drivers-->MsiExec.exe /I{8C22F265-DE76-44D1-8A79-A71D819137DA}
Intel(R) Quick Resume Technology Drivers-->MsiExec.exe /X{8C22F265-DE76-44D1-8A79-A71D819137DA} /qb!
IntelR Viiv?-->MsiExec.exe /X{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Livestream Procaster-->MsiExec.exe /I{458207CA-1B0C-4A35-AEDF-9C9D5B0579C5}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Lucidity-->"C:\Program Files\Steam\steam.exe" steam://uninstall/32410
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfi x.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M97990 6\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuni nst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spu ninst\spuninst.exe"
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Narcissu 2 English v1.0-->C:\Program Files\Narcissu 2\uninstall.exe
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NSIS SWR English-->"C:\Program Files\Scarlet Weather Rhapsody\uninstall_th105e.exe"
NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}
Opera 9.27-->MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
Paint.NET v3.31-->MsiExec.exe /X{51AFB69C-1C54-4C77-A888-2860F8CD3E7D}
PFPortChecker 1.0.32-->C:\Program Files\PFPortChecker\uninst.exe
PlayOnline Viewer and Tetra Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.e xe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Shift 1.00E-->C:\Program Files\Red Shift\uninst.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SchoolDays-->MsiExec.exe /X{8FF800ED-97BB-4F68-AC79-A3CD20496157}
Search Assist-->MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.e xe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.e xe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe "
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe "
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe "
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe "
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype(TM) 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32 \Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
StarBurn Version 10.0 (Build 0x20080229)-->"C:\Program Files\Rocket Division Software\StarBurn\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Umineko no Naku Koro ni English v4.3.1-->C:\Program Files\07th_Expansion\Umineko4\uninstall.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VVVVVV (Window v1.0)-->"C:\Program Files\VVVVVV\unins000.exe"
WebKeySoft Process Manager 2 Lite-->MsiExec.exe /I{0743122B-5C12-4F99-A92F-9DCDBF7EE221}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.ex e"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\XviD\unins001.exe"
沙耶の唄-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Lau nchSetup "C:\Program Files\InstallShield Installation Information\{82D040D1-F95B-4C96-AF5C-B6A1E138EC6E}\setup.exe" -l0x11

=====HijackThis Backups=====

O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE [2008-03-02]
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE [2008-03-02]
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-03-02]
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [2008-03-02]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-02]
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c [2008-03-02]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2008-03-02]
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray [2008-03-02]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2008-03-02]
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-03-02]
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2008-09-04]
O4 - HKLM\..\Run: [MShelp] RUNDLL32.EXE C:\WINDOWS\system32\BhoPlugin.dll,Install [2008-09-04]
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [2009-05-24]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab [2009-11-14]
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2009-11-14]
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2009-11-14]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab [2009-11-14]
O15 - ESC Trusted Zone: http://*.update.microsoft.com [2009-11-14]
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-11-14]
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-14]
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2009-11-14]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) [2009-11-14]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 [2009-11-14]
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) [2009-11-14]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2009-11-14]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-14]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-11-14]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) [2009-11-14]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) [2009-11-14]
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) [2009-11-14]
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) [2009-11-21]
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) [2009-11-21]

Hosts File Missing
======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\syste m32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.W SH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8594078A]<<
kernel: MBR read successfully
user & kernel MBR OK

[Jintan]

Not sure I see any outright infection here. That mbr.exe -t log suggests a hidden rootkit, or Daemon Tools.

The logs show you have the PlugPlay service disabled though msconfig, which can cause quite a few system programs. For now I suggest you open msconfig, then under the Services tab recheck PlugPlay.


Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

When the 'Finished!' message appears just click OK.

DeFogger will now ask to reboot the machine - click OK.

DeFogger will create a defogger_disable log on your desktop - post this in your next reply please.

Note: Do not re-enable these drivers until otherwise instructed.

----------

Then run the mbr.exe -t procedure again and post that log please.

[lefty182]

Re-enabled Plug and Play.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:10 on 29/08/2010 (TempLol)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x859C678A]<<
kernel: MBR read successfully
user & kernel MBR OK

[Jintan]

That suggests an active rootkit there, and not just Daemon Tools functions. Just so you do know, security forums like this one do not assist in issues where illegal software is present or in use. These logs show a pattern we see all too often, with torrent programs and often the same very expensive softwares installed. Should any scan results show any of those as illegal all assistance here will be ended.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.

-----------

Then download ComboFix.exe from here to your desktop, then click that to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

[lefty182]

Just an update... the spiking is still going on just as before. Thanks a lot for the help thus far.

STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/30 21:13:29.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/30 21:13:30.0031 SWLD23U (1ec513697ef612dcd38fb99271d92398) C:\WINDOWS\system32\DRIVERS\SWLD23U.sys
2010/08/30 21:13:30.0140 swlubtl (115f988b94c6285b0073e88867af2ab0) C:\WINDOWS\system32\Drivers\swlubtl.sys
2010/08/30 21:13:30.0218 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/30 21:13:30.0343 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/08/30 21:13:30.0390 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/08/30 21:13:30.0421 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/08/30 21:13:30.0500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/08/30 21:13:30.0578 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/30 21:13:30.0656 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/30 21:13:30.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/30 21:13:30.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/30 21:13:30.0859 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
2010/08/30 21:13:30.0921 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/30 21:13:31.0000 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/08/30 21:13:31.0093 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/08/30 21:13:31.0218 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/30 21:13:31.0265 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/08/30 21:13:31.0359 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/30 21:13:31.0468 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/30 21:13:31.0578 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/30 21:13:31.0656 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/30 21:13:31.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/30 21:13:31.0718 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/30 21:13:31.0796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/30 21:13:31.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/30 21:13:31.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/30 21:13:32.0000 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/08/30 21:13:32.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/08/30 21:13:32.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/30 21:13:32.0265 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/30 21:13:32.0375 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/30 21:13:32.0453 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/08/30 21:13:32.0656 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/08/30 21:13:32.0843 \HardDisk0\MBR - detected Backdoor.Win32.Sinowal.knf (0)
2010/08/30 21:13:32.0859 ============================================================ ====================
2010/08/30 21:13:32.0859 Scan finished
2010/08/30 21:13:32.0859 ============================================================ ====================
2010/08/30 21:13:32.0875 Detected object count: 1
2010/08/30 21:14:19.0062 \HardDisk0\MBR - processing error
2010/08/30 21:14:19.0062 Backdoor.Win32.Sinowal.knf(\HardDisk0\MBR) - User select action: Cure
2010/08/30 21:15:55.0781 Deinitialize success

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 02:11 . 2010-02-01 04:20 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-30 09:43 . 2010-06-17 14:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 01:31 . 2008-05-15 05:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-29 23:18 . 2009-12-04 23:28 -------- dc----w- c:\documents and settings\TempLol\Application Data\Xfire
2010-08-29 23:16 . 2006-04-08 18:41 -------- d-----w- c:\program files\Warcraft III
2010-08-29 21:26 . 2010-03-10 21:01 -------- d-----w- c:\program files\Garena
2010-08-29 03:17 . 2006-04-26 01:58 -------- d-----w- c:\program files\LimeWire
2010-08-28 20:15 . 2010-07-28 11:37 -------- d-----w- c:\program files\Starcraft 2
2010-08-26 06:04 . 2010-08-26 06:04 382 ----a-w- c:\program files\Shortcut to Program Files.lnk
2010-08-26 05:39 . 2009-12-04 00:36 38176 -c--a-w- c:\documents and settings\TempLol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-25 22:12 . 2008-09-20 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-08-22 22:26 . 2009-08-04 00:13 -------- d-----w- c:\program files\Heroes of Newerth
2010-08-22 03:04 . 2010-06-03 19:16 -------- dc----w- c:\documents and settings\TempLol\Application Data\Skype
2010-08-21 21:16 . 2010-06-03 19:26 -------- dc----w- c:\documents and settings\TempLol\Application Data\skypePM
2010-08-19 04:35 . 2010-01-02 19:39 -------- dc----w- c:\documents and settings\TempLol\Application Data\uTorrent
2010-08-16 15:15 . 2009-04-16 04:51 -------- d-----w- c:\program files\Steam
2010-08-10 23:20 . 2006-03-19 12:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 23:19 . 2006-03-19 12:40 -------- d-----w- c:\program files\Java
2010-08-05 14:43 . 2010-08-05 14:43 61440 -c--a-w- c:\documents and settings\TempLol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-137d52fb-n\decora-sse.dll
2010-08-05 14:43 . 2010-08-05 14:43 12800 -c--a-w- c:\documents and settings\TempLol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-137d52fb-n\decora-d3d.dll
2010-08-05 14:43 . 2010-08-05 14:43 503808 -c--a-w- c:\documents and settings\TempLol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e2a5c33-n\msvcp71.dll
2010-08-05 14:43 . 2010-08-05 14:43 499712 -c--a-w- c:\documents and settings\TempLol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e2a5c33-n\jmc.dll
2010-08-05 14:43 . 2010-08-05 14:43 348160 -c--a-w- c:\documents and settings\TempLol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7e2a5c33-n\msvcr71.dll
2010-08-05 02:30 . 2010-08-05 02:30 61440 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-315930b7-n\decora-sse.dll
2010-08-05 02:30 . 2010-08-05 02:30 503808 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38174570-n\msvcp71.dll
2010-08-05 02:30 . 2010-08-05 02:30 499712 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38174570-n\jmc.dll
2010-08-05 02:30 . 2010-08-05 02:30 348160 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-38174570-n\msvcr71.dll
2010-08-05 02:30 . 2010-08-05 02:30 12800 -c--a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-315930b7-n\decora-d3d.dll
2010-08-04 23:57 . 2009-12-04 12:47 38176 -c--a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-02 07:21 . 2010-07-27 18:23 -------- dc----w- c:\documents and settings\All Users\Application Data\umineko4final
2010-08-01 02:38 . 2010-07-31 04:25 -------- dc----w- c:\documents and settings\TempLol\Application Data\dvdcss
2010-07-30 01:26 . 2007-12-31 03:32 -------- d-----w- c:\program files\Xfire
2010-07-30 00:19 . 2010-07-30 00:19 -------- d-----w- c:\program files\PFPortChecker
2010-07-29 23:27 . 2010-07-29 23:27 -------- dc----w- c:\documents and settings\TempLol\Application Data\TeamViewer
2010-07-29 23:27 . 2010-07-29 23:27 -------- d-----w- c:\program files\TeamViewer
2010-07-28 11:37 . 2008-05-08 21:36 -------- d-----w- c:\program files\Rocket Division Software
2010-07-28 11:37 . 2010-07-27 11:45 -------- d-----w- c:\program files\Scarlet Weather Rhapsody
2010-07-27 18:29 . 2010-07-27 18:29 -------- dc----w- c:\documents and settings\TempLol\Application Data\ONScripter-En
2010-07-27 17:48 . 2010-07-27 17:48 -------- d-----w- c:\program files\07th_Expansion
2010-07-27 17:30 . 2009-09-05 10:58 -------- d-----w- c:\program files\7-Zip
2010-07-27 13:38 . 2010-04-22 22:43 -------- dc----w- c:\documents and settings\TempLol\Application Data\FrostWire
2010-07-27 11:46 . 2009-03-04 00:40 -------- d-----w- c:\program files\iPod
2010-07-27 05:22 . 2010-07-27 05:14 -------- d-----w- c:\program files\Crimsoness
2010-07-25 00:43 . 2010-07-25 00:43 -------- d-----w- c:\program files\Livestream Procaster
2010-07-25 00:12 . 2010-07-25 00:12 -------- d-----w- c:\program files\VVVVVV
2010-07-20 02:01 . 2010-07-19 04:47 -------- dc----w- c:\documents and settings\TempLol\Application Data\vlc
2010-07-19 19:45 . 2010-07-10 17:03 -------- d-----w- c:\program files\mupen64 0.5
2010-07-19 05:21 . 2008-11-12 00:03 -------- d-----w- c:\program files\VideoLAN
2010-07-17 09:00 . 2010-05-14 19:32 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 04:42 . 2008-03-29 06:09 -------- d-----w- c:\program files\uTorrent
2010-07-11 10:08 . 2007-05-22 03:21 -------- d-----w- c:\program files\Starcraft
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 13:54 . 2010-01-31 08:51 -------- dc----w- c:\documents and settings\TempLol\Application Data\mIRC
2010-07-08 13:46 . 2008-06-12 03:24 -------- d-----w- c:\program files\mIRC
2010-07-08 13:29 . 2010-08-26 06:17 181574 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_103 3.dat
2010-06-30 12:31 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2005-08-16 10:18 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-03-19 12:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2005-08-16 10:18 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-08-16 10:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 19:26 . 2010-06-03 19:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2008-02-29 03:40 . 2008-02-29 03:40 69632 ----a-w- c:\program files\mozilla firefox\components\ffwt.dll
2007-07-18 01:12 . 2006-03-27 17:26 104 --sh--r- c:\windows\system32\5BEC3C9783.sys
2007-07-18 01:12 . 2006-03-23 12:12 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run]
"Dyyno Launcher"="c:\documents and settings\TempLol\Local Settings\Application Data\Dyyno Viewer\dyyno_launcher.exe" [2010-03-12 2418016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP. EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP. EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.ex e" [2004-08-04 59392]
"Livestream Procaster"="c:\program files\Livestream Procaster\Procaster.exe" [2010-04-08 6690080]

c:\documents and settings\TempLol\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2010-7-9 3493776]

[hkey_local_machine\software\microsoft\windows\currentversion \explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-25 21:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 15:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot \Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\stand ardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\stand ardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144014149\\ee\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Dyyno\\Dyyno Broadcaster\\dgcsrv.exe"=
"c:\\Program Files\\Dyyno\\Dyyno Broadcaster\\dppm_source.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\themaetrellik\\synergy dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Scarlet Weather Rhapsody\\th105e.exe"=
"c:\\Program Files\\Scarlet Weather Rhapsody\\th105.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\stand ardprofile\GloballyOpenPorts\List]
"49646:UDP"= 49646:UDP:utor1
"6110:TCP"= 6110:TCP:Warcraft 3
"6110:UDP"= 6110:UDP:Warcraft 3
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25999:TCP"= 25999:TCP:xfyre
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"3517:TCP"= 3517:TCP:Services
"5534:TCP"= 5534:TCP:Services
"10800:TCP"= 10800:TCP:touhou
"Service"= ose
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2010 5:57 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/25/2010 5:57 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 9:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 74480]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [5/8/2008 5:36 PM 85760]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/16/2005 6:18 AM 14336]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 5:17 AM 25088]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\TempLol\LOCALS~1 \Temp\NDU3.tmp --> c:\docume~1\TempLol\LOCALS~1\Temp\NDU3.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 NPF;NetGroup Packet Filter Driver; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 7408]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [3/23/2006 1:02 AM 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [3/23/2006 12:49 AM 53690]
S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/8/2008 5:37 PM 717296]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Connection Wizard,ShellNext = hxxp://store.steampowered.com/screenshot/view/33600/0/?size=1024
FF - ProfilePath - c:\documents and settings\TempLol\Application Data\Mozilla\Firefox\Profiles\aad3dmwq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\TempLol\Application Data\Mozilla\Firefox\Profiles\aad3dmwq.default\extensions\{E 2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npActiveGS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-SetDefaultMIDI - MIDIDef.exe
HKCU-Run-Creative MediaSource Go - c:\program files\Creative\MediaSource\Go\CTCMSGo.exe
HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
AddRemove-Instant Death! Panda Samurai - c:\program files\Instant Death! Panda Samurai\uninst.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



************************************************************ **************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 22:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************ **************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x85A2F78A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7516f28
\Driver\ACPI -> ACPI.sys @ 0xf73a9cb8
\Driver\atapi -> atapi.sys @ 0xf733b852
\Driver\iaStor -> ntkrnlpa.exe @ 0x80586e11
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> 0x85a95b60
PacketIndicateHandler -> NDIS.sys @ 0xf7169a21
SendHandler -> NDIS.sys @ 0xf714787b
user & kernel MBR OK

************************************************************ **************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\GarenaPEngi ne]
"ImagePath"="\??\c:\docume~1\TempLol\LOCALS~1\Temp\NDU3. tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-08-30 22:18:00
ComboFix-quarantined-files.txt 2010-08-31 02:17
ComboFix2.txt 2008-03-02 05:05

Pre-Run: 20,247,724,032 bytes free
Post-Run: 20,488,814,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 04F9D50AC421FE6F8B8B1090D1CB14C5

[Jintan]

The logs show the infection has added it's code to the MBR (Master Boot Record). This is the very first piece of info the systems reads as it starts up. To undo the malware injected code issue requires restoring the MBR to system default settings. If your computer has a hidden recovery partition, such as many Dells and HP's use, the part of the MBR which provides boot access to those may be removed during the MBR fix. But if we do not remove the malware from this critical, early bootup function it will continue to recreate, block removal activities and download/install new infection.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Click here to download AD13's MBRCheck.exe. Then right click that file, and select "Run as administrator". Follow the prompts, then post back here the log it should have created on your desktop. The log name will appear similar to this, with the numbers changed to the date/time you ran MBRCheck.

MBRCheck_07.29.10_17.41.18.txt

--------------

To avoid delays let's also get a copy of the MBR there to check.

Run MBRCheck again.

When prompted, this time enter 'Y' and hit ENTER for more options.

Then enter 1 to dump a copy of the MBR to file ([1] Dump the MBR of a physical disk to file.), and name that file dump.dat

Then enter -1 to exit MBRCheck.

That dump.dat file will be saved to the same location as MBRCheck.

------------------

Then just go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select that dump.dat file on your computer.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.