
Nasty Bifrose Trojan [RESOLVED]


  • This topic is locked

#1
demeggy

    Member
  • 30 posts
Lo all,

I've had this problem for months now.

Symptoms: can't copy or paste, sound card disabled, longer than normal startup time, System Restore disabled, cannot load Windows Media Player, can't search for files or folders, certain aspects of Windows Explorer don't work, start bar was hidden, etc.

Needless to say, it's done a bit of a number.

I used Avast at boot time to run a virus scan and it detected a couple of Bifrose Trojans under the name svchost.exe, which it apparently removed, but to no avail.

It also times out my HTTP/HTTPS ports after about 5 mins and blocks them, so I haven't a clue what's going on.

Please see the log below; any help would be massively appreciated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:21 PM, on 5/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\WinUpdate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinUpdate] C:\WINDOWS\WinUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1078081533-1292428093-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5364 bytes

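One way to do the first pass over a log like the one above, as an added example that is not code from the thread or from HijackThis/DSS: it parses the O4, O23 and Find3M line formats shown on this page and flags the entries a log reader checks first. The sample lines are taken from the logs quoted in the thread; C:\WINDOWS as the system root is an assumption read off the log, and every flag is a pointer for a human reviewer, not a verdict.

```python
"""Triage helper for HijackThis (HJT) and DSS Find3M log lines.

Added example, not code from the thread or from the HJT/DSS tools. It parses
O4 (autostart), O23 (service) and Find3M lines as they appear in the thread
and applies three first-pass heuristics: an autostart whose binary sits
directly in %WINDIR% (installed software normally lives in System32 or under
Program Files); a service with no recorded owner or a missing binary; and
zero-length or tiny TFTP<digits> files, the residue of repeated tftp-style
downloads. Each flag is a pointer for the reviewer, not a verdict.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

WINDIR = r"C:\WINDOWS"  # assumption: default XP system root, as in the thread's log

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
FIND3M_RE = re.compile(r"^(?P<date>\d{4}-\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d) "
                       r"(?P<size>\d+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$")
TFTP_RE = re.compile(r"^TFTP\d+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str     # "autostart", "service" or "file"
    subject: str  # run-key name, service name or file path
    reason: str


def launched_binary(cmd: str) -> str:
    """Return the path an O4 command line actually executes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:cmd.index('"', 1)]
        rest = cmd[len(exe) + 2:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if ntpath.basename(exe).lower() == "rundll32.exe":
        # rundll32 is only the host; the DLL before the comma is what runs
        exe = rest.split(",", 1)[0].strip().strip('"')
    return exe


def in_windir_root(path: str) -> bool:
    return ntpath.dirname(path).lower() == WINDIR.lower()


def triage_line(line: str) -> list[Finding]:
    """Apply the heuristics to one log line; an empty list means nothing noted."""
    line = line.strip()
    if m := O4_RE.match(line):
        exe = launched_binary(m["cmd"])
        if in_windir_root(exe):
            return [Finding("autostart", m["name"], f"{exe} runs from the Windows root")]
        return []
    if m := O23_RE.match(line):
        out = []
        if m["owner"].lower() == "unknown owner":
            out.append(Finding("service", m["svc"], "no owner recorded"))
        if m["missing"]:
            out.append(Finding("service", m["svc"], f"binary missing: {m['path']}"))
        return out
    if m := FIND3M_RE.match(line):
        path, size = m["path"], int(m["size"])
        if TFTP_RE.match(ntpath.basename(path)):
            return [Finding("file", path, f"tftp-style artifact, {size} bytes")]
        if in_windir_root(path) and path.lower().endswith(".exe"):
            return [Finding("file", path, f"executable in Windows root, {size} bytes")]
    return []


def triage(log_text: str) -> list[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Constructed sample: a handful of lines taken from the logs quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WinUpdate] C:\WINDOWS\WinUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)
2008-04-22 21:14:57 0 -ra------ C:\WINDOWS\TFTP768
2008-04-21 00:13:08 14336 --a------ C:\WINDOWS\WinUpdate.exe
2008-04-16 22:26:09 512 -ra------ C:\WINDOWS\TFTP2244
2008-04-15 18:45:55 512 -ra------ C:\WINDOWS\System32\TFTP3928
2008-03-21 17:42:07 664 --a------ C:\WINDOWS\System32\d3d9caps.dat
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

A "file missing" service is often just a stale uninstall, so the script reports it as a pointer to verify rather than as a detection.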


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi demeggy :)

I am currently reviewing your log and will post back soon.

Please take note of the following points.
  • Please keep in mind that there may be a time difference between us. If you are not in the GMT +1 time zone, then you can expect a slight delay.
  • Please do not run any tools other than what I request of you to run. Some of the tools we will use are very powerful, and using them without the required knowledge could cause more damage and prove to be more troublesome than the problem you are currently facing.
  • If at any time you have a doubt about what you are to do, please stop there and ask. No question is considered dumb here at GeeksToGo!.

Thanks,

Mike :)

#3
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again,

Let's take a deeper look at your computer.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

#4
demeggy

demeggy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Mike,

Cheers for the help so far :) Please find the requested info below:

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Kris on 2008-05-30 11:39:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kris.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:00 AM, on 5/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\WinUpdate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kris.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinUpdate] C:\WINDOWS\WinUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1078081533-1292428093-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5201 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1 aiptektp (HyperPen) - c:\windows\system32\drivers\aiptektp.sys <Not Verified; AIPTEK International Inc.; AIPTEK Tablet Driver>
2 atksgt - c:\windows\system32\drivers\atksgt.sys
3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 HTTP - system32\drivers\http.sys (file missing)
1 intelppm (Intel Processor Driver) - system32\drivers\intelppm.sys (file missing)
3 ip6fw (IPv6 Windows Firewall Driver) - system32\drivers\ip6fw.sys (file missing)
0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
3 ovt519 (%USB\VID_054C&PID_0154.DeviceDesc%) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys <Not Verified; Friendly Technologies; PPPoE Protocol Driver>
3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - c:\windows\system32\drivers\yk51x86.sys <Not Verified; Marvell; Marvell Yukon Ethernet Controller>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Autodesk Licensing Service - c:\program files\common files\autodesk shared\service\adskscsrv.exe
2 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc32.exe (file missing)
2 PnkBstrA - c:\windows\system32\pnkbstra.exe (file missing)
2 uploadmgr (Upload Manager) - c:\windows\system32\svchost.exe
2 ZuneNetworkSvc (Zune Network Sharing Service) - c:\program files\zune\zunenss.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 17:37:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-29 20:14:00 0 d--h----- C:\WINDOWS\System32\explorer
2008-05-27 21:43:11 22016 --a------ C:\WINDOWS\System32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:43:10 12160 --a------ C:\WINDOWS\System32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:35:08 33792 --a------ C:\WINDOWS\System32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:34:58 20480 --a------ C:\WINDOWS\System32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:51 34560 --a------ C:\WINDOWS\System32\drivers\hidclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50 9600 --a------ C:\WINDOWS\System32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50 23680 --a------ C:\WINDOWS\System32\drivers\hidparse.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-26 14:26:57 0 d-------- C:\Program Files\GtkRadiant-1.4
2008-05-24 19:04:41 0 d-------- C:\Program Files\Defcon
2008-04-26 13:53:02 0 -ra------ C:\WINDOWS\System32\TFTP1800
2008-04-26 13:50:47 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-25 21:25:02 0 d-------- C:\Program Files\LimeWire
2008-04-24 17:29:42 0 d-------- C:\Program Files\Enigma Software Group
2008-04-22 21:14:57 0 -ra------ C:\WINDOWS\TFTP768
2008-04-22 21:09:52 0 -ra------ C:\WINDOWS\TFTP396
2008-04-22 21:08:24 0 -ra------ C:\WINDOWS\TFTP308
2008-04-22 21:07:27 0 d-------- C:\Program Files\Trend Micro
2008-04-22 20:55:30 0 -ra------ C:\WINDOWS\TFTP1756
2008-04-22 20:54:18 0 -ra------ C:\WINDOWS\TFTP1824
2008-04-21 23:14:18 0 d-------- C:\Program Files\Alwil Software
2008-04-21 00:13:08 14336 --a------ C:\WINDOWS\WinUpdate.exe
2008-04-20 23:27:15 0 d-------- C:\Documents and Settings\Kris\Application Data\Macromedia
2008-04-20 23:13:18 0 d-------- C:\Program Files\lg_fwupdate
2008-04-16 22:26:09 512 -ra------ C:\WINDOWS\TFTP2244
2008-04-15 23:22:16 0 -ra------ C:\WINDOWS\TFTP324
2008-04-15 19:12:08 0 d-------- C:\Documents and Settings\Kris\Application Data\Skype
2008-04-15 18:45:55 512 -ra------ C:\WINDOWS\System32\TFTP3928
2008-04-15 18:44:04 0 -ra------ C:\WINDOWS\System32\TFTP3616
2008-04-15 18:43:24 0 -ra------ C:\WINDOWS\System32\TFTP2072
2008-04-15 18:07:45 0 -ra------ C:\WINDOWS\TFTP2552
2008-04-15 17:50:38 14336 --a------ C:\WINDOWS\System32\WinUpdate.exe
2008-03-21 17:42:07 664 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/30/2006 06:51 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [08/30/2006 06:51 PM]
"GBB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [06/02/2006 09:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [03/14/2007 05:03 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 01:23 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [05/06/2003 10:28 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/06/2007 12:52 AM]
"WinUpdate"="C:\WINDOWS\WinUpdate.exe" [04/21/2008 12:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 03:41 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent




-- End of Deckard's System Scanner: finished at 2008-05-30 11:42:18 ------------


EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 10%
Physical Memory (total/avail): 3070.42 MiB / 2738.91 MiB
Pagefile Memory (total/avail): 4450.95 MiB / 4330.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1967.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 279.45 GiB total, 61.43 GiB free. 
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KRISPC
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kris
LOGONSERVER=\\KRISPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Softimage;C:\Program Files\Mozilla Firefox
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\valve\steam\steamapps\demegatron\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kris\LOCALS~1\Temp
USERDOMAIN=KRISPC
USERNAME=Kris
USERPROFILE=C:\Documents and Settings\Kris
VProject=c:\program files\valve\steam\steamapps\demegatron\half-life 2\hl2
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Kris (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D GameStudio / A6 Trial --> MsiExec.exe /X{95074289-A854-4D2A-A412-4AF5B477B8A4}
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Another World 1.1c --> C:\Program Files\Another World\uninst.exe
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\Setup.exe" -l0x9 
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Black and White --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\Setup.exe" 
BT Voyager Modem AOL Test --> C:\WINDOWS\AppRun.exe C:\PROGRA~1\VOYAGE~1
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
CryEngine(R)2 Sandbox(TM)2 --> MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crysis(R) SP Demo --> MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Defcon --> "C:\Program Files\Defcon\unins000.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EAWMapEditor --> MsiExec.exe /I{ECB4D56B-E365-4922-AC0F-70CF770443A3}
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9  /zU -removeonly
FEAR Extraction Point --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{909BBDB7-BABE-434C-9124-863A9F8D1CF8}\setup.exe" -l0x9  -removeonly
Fraps --> "C:\Fraps\uninstall.exe"
Free Natural Text to Speech Reader 2007 --> MsiExec.exe /I{3E5DA526-F420-45A6-9F27-D2B5246D6823}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe" 
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9  -removeonly
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9  -removeonly
GTA San Andreas Admin Console --> C:\PROGRA~1\GTASAC~1\UNWISE.EXE C:\PROGRA~1\GTASAC~1\INSTALL.LOG
GTASA Ultimate Editor 3.6.6 --> "C:\Documents and Settings\Kris\My Documents\Mods\GTA\GTASA Ultimate Editor\unins000.exe"
GtkRadiant-1.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F3AE7331-7851-424E-BFD5-B46E8DA3F0D6}\Setup.exe" 
GtkRadiant 1.5.0 --> MsiExec.exe /I{EC2F741D-308C-42B4-BD04-9A4853F2E402}
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jurassic Park Operation Genesis --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{A347C572-F7B4-43A3-BD51-FFC99184F70D} /l1033 
Just Cause 1.00.0000 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x9  -removeonly
Last.fm 1.1.3.0 --> "C:\Program Files\Last.fm\unins000.exe"
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe" 
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Eyetoy Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
LucasArts' Jedi Knight --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Jedi Knight\DeIsL1.isu"
LucasArts' Rogue Squadron --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\ROGUE\DeIsL1.isu"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.74 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Matto4 --> C:\Program Files\Ubisoft\Crytek\Far Cry\Mods\Matto4\Uninstal Matto4.exe
Matto4 Patch 1.1 --> C:\Program Files\Ubisoft\Crytek\Far Cry\Mods\Matto4\Uninstal Matto4.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MTA: Race for San Andreas 1.1.1 --> C:\Program Files\MTA San Andreas\Uninstall.exe
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9  -removeonly
Overlord --> C:\Program Files\InstallShield Installation Information\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}\Setup.exe -runfromtemp -l0x0009 -removeonly
PDF2Word v1.4 --> "C:\Documents and Settings\Kris\Desktop\PDF2Word v1.4\unins000.exe"
PLAYSTATION(R)Network Downloader --> MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PunkBuster Services --> C:\WINDOWS\System32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9  -removeonly
RPGToolkit, Version 3.1.0 --> C:\Program Files\Toolkit3\uninstall.exe
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9  -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SimPE 0.62 (alpha) --> "C:\Program Files\SimPE\unins000.exe"
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SOFTIMAGE CROSSWALK 2.06 --> C:\Softimage\Crosswalk2.0\Setup\setup.exe -runfromtemp -l0x0009 -removeonly
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9  -removeonly
Star Wars Galaxies: 14-Day Trial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5770C6BC-EC01-42DA-A8E0-62C869DB50FD}\setup.exe" -l0x9  -removeonly
Star Wars Jedi Knight Jedi Academy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9 
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9  -removeonly
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Swift 3D Version 4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{604B0B0F-68C6-440D-AA74-B69314F86ADA} 
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 HomeCrafter Plus --> C:\Program Files\EA GAMES\The Sims 2 HomeCrafter Plus\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 FreeTime --> C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Thief - Deadly Shadows Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}\setup.exe" -l0x9 
Tom Clancy's Splinter Cell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A174402A-2EE6-4B86-A930-7BC85A9933BD}\setup.exe" -l0x9 
Ultimate Spider-Man (TM) --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CC35B08B-4EC1-4759-B159-0EC4E69C3E7C} /l1033 
UVMapper Professional Demo 3.4a --> "C:\Program Files\UVMapper Professional Demo\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0) --> rundll32.exe C:\PROGRA~1\DIFX\F78795BBB376EE09\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\Zune_C6317AD6BF989B5AA21DD2422BEA915EC068CA80\Zune.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Tablet Series --> Rmtablet KNL
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zune --> MsiExec.exe /X{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}


-- Application Event Log -------------------------------------------------------

Event Record #/Type749 / Error
Event Submitted/Written: 05/30/2008 11:36:20 AM
Event ID/Source: 2 / RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x2afc)

Event Record #/Type746 / Error
Event Submitted/Written: 05/29/2008 08:07:44 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Event Record #/Type744 / Error
Event Submitted/Written: 05/29/2008 08:05:52 PM
Event ID/Source: 2 / RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x2afc)

Event Record #/Type741 / Error
Event Submitted/Written: 05/29/2008 07:34:30 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Event Record #/Type739 / Error
Event Submitted/Written: 05/29/2008 07:32:43 PM
Event ID/Source: 2 / RaySat_3dsmax9_32 Server
Event Description:
(1632) getservbyname: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for. (0x2afc)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2101 / Warning
Event Submitted/Written: 05/30/2008 11:37:08 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0216E682B11F.  The IP address being used is 169.254.203.0.

Event Record #/Type2100 / Warning
Event Submitted/Written: 05/30/2008 11:37:07 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{1CEA6C23-CF8E-470F-9B49-D01E33F55E07}.

Event Record #/Type2099 / Warning
Event Submitted/Written: 05/30/2008 11:36:58 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0216E682B11F.  The following
error occurred: 
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2091 / Warning
Event Submitted/Written: 05/29/2008 08:06:43 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{1CEA6C23-CF8E-470F-9B49-D01E33F55E07}.

Event Record #/Type2090 / Warning
Event Submitted/Written: 05/29/2008 08:06:41 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0216E682B11F.  The IP address being used is 169.254.203.0.



-- End of Deckard's System Scanner: finished at 2008-05-30 11:42:18 ------------

Hope this makes sense

#5
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi again demeggy,

My posts may be a bit delayed at the moment since I have a lot of school work (finals and all that good stuff :)), but I will try and get to you daily.

Please follow my instructions in the order they were given, if you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out :)
If you cannot complete a step in my instructions, please skip it and continue with the rest of my instructions and tell me in your next reply which one you were having trouble with.

Preparation

I notice you have no Anti-Virus program installed on your computer. These programs are necessary to keep your computer free of malware; without one you are very likely to get re-infected within a very short period of time.
I would like you to download one of these free programs I have listed here for you. Personally I would opt for AntiVir at the moment.
Note: Make sure to only install ONE program, as having more can cause conflicts between these programs, which in turn lowers your protection and slows down your computer.

Step 1. Updating Java

Your Java is way outdated; older versions have vulnerabilities that viruses can exploit.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Step 2. Running SDFix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Step 3. Deckard's System Scanner

Please re-run Deckard's System Scanner
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open one Notepad main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.
In your next reply

Please post the log from SDFix.
Please post the log from Deckard's System Scanner (main.txt)

If the logs are too big to fit in one reply, please spread them out over multiple replies.
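Step 1 above depends on finding every old Java entry in Add/Remove Programs; the DSS log in this thread lists two ("J2SE Runtime Environment 5.0 Update 10" and "Update 11"). The script below is an added example, not part of this thread and not DSS's own code: it reads DSS-style "Name --> uninstall command" lines, extracts the Java version from the product name, reports every runtime older than the required 6 Update 6, and builds an unattended MsiExec uninstall command (/X to remove, /qn for no UI) for each MSI-based entry. The sample lines are constructed: the two J2SE lines and the Firefox line are copied from the log above, while the "Java(TM) 6 Update 6" line and its product code are assumed for illustration. The product-name patterns it understands are the ones in JAVA_NAME and LEGACY_NAME; anything else is ignored.

```python
"""Audit a Deckard's System Scanner (DSS) Add/Remove Programs list for stale
Java runtimes and build the unattended uninstall command for each one.
Added example; the product names handled are those in JAVA_NAME and
LEGACY_NAME, anything else is ignored."""
import re
from dataclasses import dataclass

# Constructed sample. The two J2SE lines and the Firefox line are copied from
# the DSS log in this thread; the "Java(TM) 6 Update 6" line and its product
# code are assumed for illustration, not taken from the page.
SAMPLE_ARP = r"""
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 6 --> MsiExec.exe /X{3248F0A8-6813-11D6-A77B-00B0D0160060}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
"""

ARP_LINE = re.compile(r"^(?P<name>.+?) --> (?P<cmd>.+)$")
# "J2SE Runtime Environment 5.0 Update 10", "Java(TM) 6 Update 6",
# "Java(TM) SE Runtime Environment 6 Update 1"
JAVA_NAME = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)\s+"
    r"(?P<major>\d+)(?:\.\d+)?(?:\s+Update\s+(?P<update>\d+))?", re.I)
# "Java 2 Runtime Environment, SE v1.4.2_03": 1.x numbering, update after "_"
LEGACY_NAME = re.compile(
    r"^Java 2 Runtime Environment.*?v1\.(?P<major>\d+)(?:\.\d+)?(?:_(?P<update>\d+))?", re.I)
MSI_CMD = re.compile(r"MsiExec\.exe\s+/[IX](?P<code>\{[0-9A-F-]+\})", re.I)


@dataclass(frozen=True)
class JavaInstall:
    name: str
    major: int       # 5 for J2SE 5.0 / 1.5.x, 6 for Java 6
    update: int      # 0 when the name carries no update number
    uninstall: str   # the uninstall command as listed in Add/Remove Programs

    def is_older_than(self, major, update):
        return (self.major, self.update) < (major, update)


def java_version(name):
    """Return (major, update) for a Java runtime entry, or None if not Java."""
    m = JAVA_NAME.match(name) or LEGACY_NAME.match(name)
    if not m:
        return None
    return int(m.group("major")), int(m.group("update") or 0)


def parse_java_installs(arp_text):
    """Parse DSS 'Name --> command' lines and keep the Java runtime entries."""
    found = []
    for raw in arp_text.splitlines():
        m = ARP_LINE.match(raw.strip())
        if not m:
            continue
        ver = java_version(m.group("name"))
        if ver is not None:
            found.append(JavaInstall(m.group("name"), ver[0], ver[1], m.group("cmd")))
    return found


def stale_java(arp_text, required=(6, 6)):
    """Every Java runtime older than the required (major, update)."""
    return [j for j in parse_java_installs(arp_text) if j.is_older_than(*required)]


def silent_uninstall(cmd):
    """Turn an ARP MsiExec entry into an unattended uninstall (/X = remove,
    /qn = no UI). Non-MSI uninstallers are returned unchanged."""
    m = MSI_CMD.search(cmd)
    return f"MsiExec.exe /X{m.group('code')} /qn" if m else cmd


if __name__ == "__main__":
    for j in stale_java(SAMPLE_ARP):
        print(f"remove {j.name!r}: {silent_uninstall(j.uninstall)}")
```

The script only audits the list and prints the commands; it cannot help when msiexec itself is broken, which is exactly the situation that surfaces later in this thread.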

#6
demeggy (Member, Topic Starter, 30 posts)
Hi Mike, it won't let me remove the old version of Java, it says;

"The Windows Installer Service Could Not Be Accessed. This can occur if Windows is in Safe Mode or the windows installer is not correctly installed."

any ideas what I should do?

#7
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there demeggy,

Let's try this:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Then please download the attached file. Right click on it and select Open With..., in the list that appears choose Notepad.

In Notepad click on the "File" menu > Save As... Under "File name" type Fix.reg and Change "Save as type" to All Files
Now double click fix.reg. A pop-up will appear asking you if you want to import this to your registry click yes.

Try uninstalling the Java items again, does it work now?

Edited by Mike, 31 May 2008 - 07:43 AM.


#8
demeggy (Member, Topic Starter, 30 posts)
Hey,

I followed your instructions step-by-step with still no joy :)

Long shot, but anything else I can try?

#9
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there tacam,

I still have another way!

From here
Reinstall the Windows Installer
To reinstall the Windows Installer, rename the damaged Windows Installer files, and then reinstall the Windows Installer. To do this, follow these steps:
1. Click Start, click Run, type cmd in the Open text box, and then click OK
2. Type cd %windir%\system32, and then press ENTER.
3. Type attrib -r -s -h dllcache, and then press ENTER.
4. Type ren msi.dll msi.old, and then press ENTER.
5. Type ren msiexec.exe msiexec.old, and then press ENTER.
6. Type ren msihnd.dll msihnd.old, and then press ENTER.
7. Type exit, and then press ENTER.
8. At the command prompt, type exit, and then press ENTER.
9. Click Start, and then click Turn off computer or Shut Down
10. Select the Restart option, and then click OK, or click Restart.
11. Log on to the computer.
12. Download and install the latest version of the Windows Installer. http://www.microsoft...;displaylang=en
13. Click Start, and then click Turn off computer or Shut Down
14. Select the Restart option, and then click OK, or click Restart.

Follow the steps carefully, if you have an issue stop there and ask before proceeding :)

Post back if it works or not.

Please go ahead and run SDFix and Deckard's System Scanner.

Edited by Mike, 31 May 2008 - 11:01 AM.


#10
demeggy (Member, Topic Starter, 30 posts)
at step 6, it said I was attempting to open a DLL file, which file type should I open it with?

#11
Mike (Malware Monger, Retired Staff, 2,745 posts)
6. Type ren msihnd.dll msihnd.old, and then press ENTER.

I forgot to bold "ren" :)
This shouldn't ask you to open a DLL file, try it again and see if it works.
Remember to proceed with running SDFix and DSS.

Mike

Edited by Mike, 31 May 2008 - 11:55 AM.


#12
demeggy (Member, Topic Starter, 30 posts)
Arrgh! So, another error. I go to install the latest Windows Installer, and I get:

"KB893803v2 Setup Error

Setup could not verify the integrity of the file Update.inf. Make sure the cryptographic service is running on this computer."

#13
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there demeggy,

Let's reverse what we did before, we will get back to this issue after your computer is malware free.

1. Click Start, click Run, type cmd in the Open text box, and then click OK
2. Type cd %windir%\system32, and then press ENTER.
3. Type attrib -r -s -h dllcache, and then press ENTER.
4. Type ren msi.old msi.dll, and then press ENTER.
5. Type ren msiexec.old msiexec.exe, and then press ENTER.
6. Type ren msihnd.old msihnd.dll, and then press ENTER.
7. Type exit, and then press ENTER.
8. At the command prompt, type exit, and then press ENTER.
9. Click Start, and then click Turn off computer or Shut Down
10. Select the Restart option, and then click OK, or click Restart.
11. Log on to the computer.

If you get this message:

A duplicate file name exists, or the file
cannot be found.


That's fine, we just want those files to be there.

Please run SDFix and DSS and post back with the logs.

Thanks :)

Mike

Edited by Mike, 01 June 2008 - 04:13 AM.

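Mike asks for the SDFix report next. As an added example (not part of this thread and not SDFix's own code), here is a triage script for an SDFix Report.txt: it strips the forum's [b] tags, splits the report on its "Heading :" lines, and flags what is worth a second look in the "Trojan Files Found" and "Files with Hidden Attributes" sections: TFTP<digits> files in system32 (SDFix itself lists these as trojan files), executables under a user's Application Data or Local Settings folders, an svchost.exe anywhere other than system32 (a common masquerade name), and any hidden executable. The rules in assess() are assumptions chosen for this thread's report, not SDFix logic. The sample report is constructed: all lines but the last are copied from the report posted later in this thread, and the hidden svchost.exe under Local Settings\Temp is assumed, to exercise that rule.

```python
"""Triage an SDFix Report.txt: pull the 'Trojan Files Found' and 'Files with
Hidden Attributes' sections and flag what a responder should look at first.
Added example, not SDFix's own code; the rules in assess() are assumptions
chosen to match the report posted in this thread."""
import re
from dataclasses import dataclass

# Constructed sample. All lines but the last are copied from the SDFix report
# posted later in this thread (forum [b] tags included); the hidden svchost.exe
# under Local Settings\Temp is assumed, to exercise that rule.
SAMPLE_REPORT = r"""
[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\TFTP1800 - Deleted
C:\Documents and Settings\Kris\Application Data\addon.dat  - Deleted
C:\WINDOWS\system32\winupdate.exe  - Deleted

Removing Temp Files

[b]Files with Hidden Attributes [/b]:

Thu 24 Apr 2008           211 A.SHR --- "C:\BOOT.BAK"
Wed  1 Sep 2004         2,048 A..H. --- "C:\Program Files\VoyagerModemDrivers\ipchecking.exe"
Tue  5 Dec 2006        28,672 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL0780.tmp"
Mon 14 Apr 2008        61,440 A..H. --- "C:\Documents and Settings\Kris\Local Settings\Temp\svchost.exe"
"""

BBCODE = re.compile(r"\[/?b\]")
HEADING = re.compile(r"^[A-Za-z][A-Za-z ]+?\s?:$")          # "Trojan Files Found:"
TROJAN_LINE = re.compile(r"^(?P<path>[A-Z]:\\.+?)\s+-\s+Deleted$", re.I)
HIDDEN_LINE = re.compile(
    r'^\w{3}\s+\d+\s+\w{3}\s+\d{4}\s+(?P<size>[\d,]+)\s+(?P<attr>[A-Z.]{5})\s+---\s+"(?P<path>.+)"$')
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".com", ".bat", ".cmd")
TFTP_DROP = re.compile(r"\\system32\\tftp\d+$", re.I)
USER_PROFILE = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\", re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    path: str
    reason: str


def sections(report):
    """Split the report into {heading: [lines]}, stripping forum [b] tags."""
    out, current = {}, None
    for raw in report.splitlines():
        line = BBCODE.sub("", raw).strip()
        if not line:
            continue
        if HEADING.match(line):
            current = line.rstrip(" :")
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line)
    return out


def assess(path):
    """Reason a path deserves a second look, or None (rules are assumptions)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if TFTP_DROP.search(p):
        return "TFTP<digits> file in system32 (SDFix lists these as trojan files)"
    if name == "svchost.exe" and not p.startswith("c:\\windows\\system32\\"):
        return "svchost.exe outside system32: masquerading as a Windows process"
    if name.endswith(EXEC_EXT) and USER_PROFILE.search(p):
        return "executable under a user profile data/temp directory"
    return None


def triage(report):
    """Findings from the two sections, in report order."""
    secs = sections(report)
    findings = []
    for line in secs.get("Trojan Files Found", []):
        m = TROJAN_LINE.match(line)
        if m:
            path = m.group("path")
            findings.append(Finding("Trojan Files Found", path, assess(path) or "removed by SDFix"))
    for line in secs.get("Files with Hidden Attributes", []):
        m = HIDDEN_LINE.match(line)
        if not m:
            continue
        path, attr = m.group("path"), m.group("attr")
        reason = assess(path)
        if reason is None and path.lower().endswith(EXEC_EXT):
            reason = f"hidden executable (attributes {attr}); confirm publisher and signature"
        if reason:
            findings.append(Finding("Files with Hidden Attributes", path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.path}\n    {f.reason}")
```

Word's ~WRL*.tmp files and the DRM .bak files that SDFix lists as hidden are left alone on purpose; the point is to surface the handful of hidden executables and odd system32 names, not to re-list the whole section.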

#14
demeggy (Member, Topic Starter, 30 posts)
Cheers Mike,

Well, managed to get those two programs working; still haven't managed to remove old Java or install new Java.

See text files below:

SDFIX

SDFix: Version 1.187
Run by Kris on Sun 06/01/2008 at 01:08 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\TFTP1800 - Deleted
C:\WINDOWS\system32\TFTP2072 - Deleted
C:\WINDOWS\system32\TFTP3616 - Deleted
C:\WINDOWS\system32\TFTP3928 - Deleted
C:\Documents and Settings\Kris\Application Data\addon.dat  - Deleted
C:\WINDOWS\system32\winupdate.exe  - Deleted





Removing Temp Files

ADS Check:
 


Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:30:48
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a0,46,39,f4,a8,52,28,90,38,74,1d,3a,31,cf,e6,0b,46,70,29,fb,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:32,88,5d,d8,ff,62,01,c4,7a,4c,48,21,7d,1c,21,b7,79,60,96,2f,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,cf,46,d4,95,b7,4d,64,3b,20,21,09,bc,f1,76,0c,3a,ee,be,b9,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8c,cf,46,d4,95,b7,4d,64,3b,20,21,09,bc,f1,76,0c,3a,ee,be,b9,57,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e8,14,92,d7,ee,44,0f,17,ff,35,16,fc,a8,54,8e,50,6a,a9,ec,3b,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:3e3685e9
"s2"=dword:73f66784
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e8,14,92,d7,ee,44,0f,17,ff,35,16,fc,a8,54,8e,50,6a,a9,ec,3b,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:8a,64,68,23,8f,4f,51,73,78,67,e7,db,ea,71,d3,5e,c4,ae,3c,d4,4f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,79,18,a0,2f,d6,9d,45,38,99,8c,20,c3,07,cd,2d,6c,4f,..
"khjeh"=hex:97,e1,f8,c5,4b,54,04,f2,95,c5,da,e3,5b,65,db,12,3d,95,42,5a,5f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e8,14,92,d7,ee,44,0f,17,ff,35,16,fc,a8,54,8e,50,6a,a9,ec,3b,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:21,1e,74,e9,60,65,bb,9a,e8,4a,c4,26,41,fb,e0,30,a0,73,c6,77,53,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 24 Apr 2008		   211 A.SHR --- "C:\BOOT.BAK"
Wed  9 Jan 2002	 1,097,728 A..H. --- "C:\Program Files\VoyagerModemDrivers\Dirapi.dll"
Wed  9 Jan 2002	   561,152 A..H. --- "C:\Program Files\VoyagerModemDrivers\Iml32.dll"
Wed  1 Sep 2004		 2,048 A..H. --- "C:\Program Files\VoyagerModemDrivers\ipchecking.exe"
Wed  9 Jan 2002	   266,293 A..H. --- "C:\Program Files\VoyagerModemDrivers\msvcrt.dll"
Wed  9 Jan 2002	   151,552 A..H. --- "C:\Program Files\VoyagerModemDrivers\Proj.dll"
Tue  1 Mar 2005	   467,688 A..H. --- "C:\Program Files\VoyagerModemDrivers\WindowsXP-KB885295-x86-enu.exe"
Thu 25 Jan 2007		 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 12 Dec 2007		   401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Thu 25 Jan 2007		   401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Wed 16 May 2007			 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 22 Jan 2008		 3,077 ...HR --- "C:\Documents and Settings\Kris\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue  5 Dec 2006		28,672 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL0780.tmp"
Tue  5 Dec 2006		43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL1274.tmp"
Thu 11 Jan 2007		59,392 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL1351.tmp"
Tue  5 Dec 2006		36,352 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL2972.tmp"
Tue  5 Dec 2006		33,280 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL3171.tmp"
Tue  5 Dec 2006		45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Misc\short stories\~WRL3954.tmp"
Fri 15 Jul 2005		 4,348 A..H. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv1key.bak"
Thu 27 Jul 2006		   401 A..H. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 30 Oct 2005		   400 A.SH. --- "C:\Documents and Settings\Kris\My Documents\My Music\License Backup\drmv2key.bak"
Wed 29 Mar 2006		41,472 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0001.tmp"
Thu 30 Mar 2006		49,664 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0019.tmp"
Thu 30 Mar 2006		52,736 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0046.tmp"
Thu 30 Mar 2006		43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0206.tmp"
Thu 30 Mar 2006		48,128 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0587.tmp"
Thu 30 Mar 2006		47,616 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0757.tmp"
Thu 30 Mar 2006		52,736 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL0792.tmp"
Thu 30 Mar 2006		45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1033.tmp"
Thu 30 Mar 2006		46,080 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1070.tmp"
Thu 30 Mar 2006		52,224 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1226.tmp"
Thu 30 Mar 2006		45,568 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL1862.tmp"
Thu 30 Mar 2006		43,520 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL2106.tmp"
Thu 30 Mar 2006		45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3059.tmp"
Thu 30 Mar 2006		52,224 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3187.tmp"
Thu 30 Mar 2006		43,008 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3874.tmp"
Thu 30 Mar 2006		45,056 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC572 Software Engineering\~WRL3883.tmp"
Thu  5 Jan 2006		38,400 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0003.tmp"
Thu  5 Jan 2006		29,184 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0068.tmp"
Thu  5 Jan 2006		32,768 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0709.tmp"
Thu  5 Jan 2006		32,256 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL0917.tmp"
Thu  5 Jan 2006		34,816 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1259.tmp"
Thu  5 Jan 2006		36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1740.tmp"
Thu  5 Jan 2006		35,840 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL1752.tmp"
Thu  5 Jan 2006		36,352 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2242.tmp"
Thu  5 Jan 2006		37,888 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2513.tmp"
Thu  5 Jan 2006		36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2689.tmp"
Thu  5 Jan 2006		37,376 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2853.tmp"
Thu  5 Jan 2006		24,064 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2856.tmp"
Thu  5 Jan 2006		36,864 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL2950.tmp"
Thu  5 Jan 2006		31,744 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3209.tmp"
Sun  8 Jan 2006		39,936 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3414.tmp"
Thu  5 Jan 2006		25,600 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3419.tmp"
Thu  5 Jan 2006		27,648 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\CMC582 Comms and Security\~WRL3682.tmp"
Mon 16 Apr 2007		24,064 ...H. --- "C:\Documents and Settings\Kris\My Documents\Uni\year 3 stuff\CMP 3626 Content Creation + Management\~WRL2809.tmp"
Sun 26 Nov 2006		32,768 A..H. --- "C:\Documents and Settings\Kris\My Documents\Uni\year 3 stuff\Dissertation\~WRL0001.tmp"

[b]Finished![/b]

DSS

Deckard's System Scanner v20071014.68
Run by Kris on 2008-06-01 13:47:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kris.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:40 PM, on 6/1/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Kris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kris.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1078081533-1292428093-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINNT\system32\msiexec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5665 bytes

-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 13:01:05		 0 d-------- C:\WINDOWS\ERUNT
2008-05-31 11:52:09		 0 d-------- C:\Program Files\Avira
2008-05-31 11:52:09		 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-31 11:37:55		 0 d-------- C:\Documents and Settings\Kris\.SunDownloadManager
2008-05-29 20:14:00		 0 d--h----- C:\WINDOWS\System32\explorer
2008-05-27 21:43:11	 22016 --a------ C:\WINDOWS\System32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:43:10	 12160 --a------ C:\WINDOWS\System32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:35:08	 33792 --a------ C:\WINDOWS\System32\drivers\disk.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:34:58	 20480 --a------ C:\WINDOWS\System32\hidserv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:51	 34560 --a------ C:\WINDOWS\System32\drivers\hidclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50	  9600 --a------ C:\WINDOWS\System32\drivers\hidusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-27 21:25:50	 23680 --a------ C:\WINDOWS\System32\drivers\hidparse.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-26 14:26:57		 0 d-------- C:\Program Files\GtkRadiant-1.4
2008-05-24 19:04:41		 0 d-------- C:\Program Files\Defcon
2008-04-26 13:50:47		 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-25 21:25:02		 0 d-------- C:\Program Files\LimeWire
2008-04-24 17:29:42		 0 d-------- C:\Program Files\Enigma Software Group
2008-04-22 21:14:57		 0 -ra------ C:\WINDOWS\TFTP768
2008-04-22 21:09:52		 0 -ra------ C:\WINDOWS\TFTP396
2008-04-22 21:08:24		 0 -ra------ C:\WINDOWS\TFTP308
2008-04-22 21:07:27		 0 d-------- C:\Program Files\Trend Micro
2008-04-22 20:55:30		 0 -ra------ C:\WINDOWS\TFTP1756
2008-04-22 20:54:18		 0 -ra------ C:\WINDOWS\TFTP1824
2008-04-21 23:14:18		 0 d-------- C:\Program Files\Alwil Software
2008-04-21 00:13:08	 14336 --a------ C:\WINDOWS\WinUpdate.exe
2008-04-20 23:27:15		 0 d-------- C:\Documents and Settings\Kris\Application Data\Macromedia
2008-04-20 23:13:18		 0 d-------- C:\Program Files\lg_fwupdate
2008-04-16 22:26:09	   512 -ra------ C:\WINDOWS\TFTP2244
2008-04-15 23:22:16		 0 -ra------ C:\WINDOWS\TFTP324
2008-04-15 19:12:08		 0 d-------- C:\Documents and Settings\Kris\Application Data\Skype
2008-04-15 18:07:45		 0 -ra------ C:\WINDOWS\TFTP2552
2008-03-21 17:42:07	   664 --a------ C:\WINDOWS\System32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [08/30/2006 06:51 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [08/30/2006 06:51 PM]
"GBB36X Configure"="C:\WINDOWS\System32\JMRaidTool.exe" [06/02/2006 09:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [03/14/2007 05:03 PM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 01:23 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [05/06/2003 10:28 AM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [02/06/2007 12:52 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 03:41 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=  scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Kris\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent




-- End of Deckard's System Scanner: finished at 2008-06-01 13:47:55 ------------

:) Hope this sheds some light?

Also, I've installed Avira Antivirus, but even though I double click the prog to run, and it comes up, it doesn't start with startup and I'm not even sure it's protecting my system. Any ideas?

Edited by demeggy, 01 June 2008 - 09:05 AM.

  • 0

#15
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there demeggy,

AntiVir is running, as shown by this line: O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe, but I believe it also creates a startup entry, which I don't see in your logs. I would recommend leaving it as it is until your installer issue is fixed, in case you wouldn't be able to re-install it (which should fix this issue).

Step 1. Running OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\WinUpdate.exe
    C:\WINDOWS\TFTP768
    C:\WINDOWS\TFTP396
    C:\WINDOWS\TFTP308
    C:\WINDOWS\TFTP1756
    C:\WINDOWS\TFTP1824
    C:\WINDOWS\TFTP2244
    C:\WINDOWS\TFTP324
    C:\WINDOWS\TFTP2552
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\\{7E853D72-626A-48EC-A868-BA8D5E23E045}
    emptytemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 2. Making a Batch File

Open Notepad by going to START > RUN and typing notepad.exe in the box that appears. In the window that pops up, please copy and paste the following:

@ECHO off
REM List everything inside the hidden folder DSS reported under System32,
REM including hidden/system files (/A) and recursing into subfolders (/S).
dir /S /A /C "C:\WINDOWS\System32\explorer" >> C:\peek.txt
start notepad C:\peek.txt

In Notepad click on the "File" menu > Save As... Under "File name" type peek.bat and Change "Save as type" to All Files, save it to a place you will remember.

Double click on peek.bat.

Step 3. Running MalwareByte's Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply

Please post the log from OTMoveIt2.
Please post the log from peek.bat (C:\peek.txt)
Please post the log from MBAM.
Please re-run Deckard's System Scanner and post back with Main.txt after doing the above.

If the logs are too big to fit in one reply, please spread them out over multiple replies.

How is your computer running?
  • 0
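To make the reasoning behind Mike's OTMoveIt2 list explicit, here is an added Python triage helper (example code for this thread, not part of DSS, HijackThis or OTMoveIt2). It parses the "Files created" / "Find3M" lines from the DSS report posted above and flags the same entries Mike picked out: loose files dropped in the Windows root, the TFTP<n> files, and the hidden explorer folder under System32. The three rules and the small allowlist of known hidden System32 folders are heuristics chosen for the example (assumptions), not detection signatures; the sample log is an excerpt copied from the report above with tabs collapsed to spaces.

```python
r"""Triage helper for Deckard's System Scanner (DSS) file listings.

Added example for this thread; not part of DSS, HijackThis or OTMoveIt2.
It parses "Files created" / "Find3M" lines of the form
    2008-04-22 21:14:57   0 -ra------ C:\WINDOWS\TFTP768
and flags the entries Mike listed for OTMoveIt2, so the reasoning behind
that list is explicit. The rules are heuristics (assumptions), not signatures.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the DSS report posted above (tabs collapsed to spaces);
# ERUNT, mouclass.sys and d3d9caps.dat are kept as benign negative cases.
SAMPLE_LOG = r"""
2008-06-01 13:01:05      0 d-------- C:\WINDOWS\ERUNT
2008-05-29 20:14:00      0 d--h----- C:\WINDOWS\System32\explorer
2008-05-27 21:43:11  22016 --a------ C:\WINDOWS\System32\drivers\mouclass.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-22 21:14:57      0 -ra------ C:\WINDOWS\TFTP768
2008-04-22 21:09:52      0 -ra------ C:\WINDOWS\TFTP396
2008-04-21 00:13:08  14336 --a------ C:\WINDOWS\WinUpdate.exe
2008-04-16 22:26:09    512 -ra------ C:\WINDOWS\TFTP2244
2008-03-21 17:42:07    664 --a------ C:\WINDOWS\System32\d3d9caps.dat
"""

# date time size attrs path [<verification text>]
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)"
    r"(?:\s+<(?P<verify>[^>]*)>)?\s*$"
)

WINDOWS_ROOT = r"c:\windows"
# Assumption: dllcache is the one hidden folder XP itself keeps under System32.
KNOWN_HIDDEN_SYSTEM32_DIRS = {"dllcache"}


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str               # DSS attribute string, e.g. "d--h-----"
    path: str
    verify: Optional[str]    # text inside <...>, when present

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    def split(self):
        """Return (lower-cased parent folder, file name)."""
        parent, _, name = self.path.rpartition("\\")
        return parent.lower(), name


def parse(text: str) -> list:
    """Parse every DSS file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]),
                                 m["attrs"], m["path"], m["verify"]))
    return entries


def reasons_for(e: Entry) -> list:
    """Heuristic rules mirroring what Mike singled out from this log."""
    parent, name = e.split()
    out = []
    if not e.is_dir and parent == WINDOWS_ROOT:
        out.append("loose file in the Windows root folder")
    if re.fullmatch(r"tftp\d+", name.lower()):
        out.append("TFTP<n> file in the Windows folder (the group Mike's list removes)")
    if (e.is_dir and e.hidden and parent.endswith(r"\system32")
            and name.lower() not in KNOWN_HIDDEN_SYSTEM32_DIRS):
        out.append("hidden folder under System32 outside the known set")
    return out


def triage(text: str) -> dict:
    """Map each flagged path to the reasons it was flagged."""
    flagged = {}
    for e in parse(text):
        why = reasons_for(e)
        if why:
            flagged[e.path] = why
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path + "\n    " + "\n    ".join(why))
```

Running it on the excerpt prints the five paths that overlap Mike's OTMoveIt2 list (WinUpdate.exe, the three TFTP files in the excerpt, and the hidden explorer folder that Step 2's peek.bat inspects) and stays silent on ERUNT, the Microsoft driver and d3d9caps.dat. Flagging is only a prompt to inspect; the decision to move a file still rests with the helper reading the full log.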





