MAIN.TXT:
Deckard's System Scanner v20071014.68
Run by Kieran on 2007-11-12 19:28:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-11-12 19:28:50 UTC - RP411 - Deckard's System Scanner Restore Point
1: 2007-11-12 17:49:19 UTC - RP410 - ComboFix created restore point
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kieran.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:50 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\webserver\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\webser~1\electr~1\electr~1\electr~1.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\webserver\Apache2\bin\Apache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\webserver\Apache2\bin\ApacheMonitor.exe
E:\Elysium Diamond\Server\Server.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Kieran\Desktop\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kieran.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Legends of Escentia.lnk = E:\Elysium Diamond\Server\Server.exe
O4 - Startup: Thoosje Sidebar .lnk = C:\Program Files\Vista Sidebar\sidebar.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} (Bonusprint Image Uploader Version 3.5) - http://webalbum.bonusprint.com/ukipc01/dow...geUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFEDE89D-FE8E-443C-A6BB-9DB0B084BF8B}: NameServer = 62.24.252.135 62.24.252.134
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\webserver\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: ElectroServer Service - Unknown owner - c:\webser~1\electr~1\electr~1\electr~1.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe (file missing)
--
End of file - 8591 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20070827-143943-130 O2 - BHO: (no name) - {4B021AE2-73C7-4BB3-981C-4A52F322334F} - C:\WINDOWS\system32\ddccy.dll (file missing)
backup-20070827-143943-296 O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
backup-20070827-143943-471 O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll (file missing)
backup-20071112-173953-284 O4 - HKCU\..\Run: [Atuc] "C:\WINDOWS\ASEMBL~1\spool32.exe" -vt yazb
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 INO_FLTR - c:\windows\system32\drivers\ino_fltr.sys <Not Verified; Computer Associates; CA eTrust Antivirus/InoculateIT version 7.X/6.X>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 catchme - c:\docume~1\kieran\locals~1\temp\catchme.sys (file missing)
R3 u2kg54 (BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 RT2500USB (RT2500 USB Wireless LAN Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SkLaggProtocol (Marvell Link Aggregation Protocol (LAGG) Support) - c:\windows\system32\drivers\yk51lagg.sys (file missing)
S3 SkVlanProtocol (Marvell Virtual LAN (VLAN) Support) - c:\windows\system32\drivers\skvlan.sys <Not Verified; SysKonnect; >
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apache2 - "c:\webserver\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DynDNS_Updater_Service (DynDNS Updater Service) - c:\program files\dyndns updater\dyndns.exe <Not Verified; Kana Solution; DynDNS Updater>
R2 ElectroServer Service - c:\webser~1\electr~1\electr~1\electr~1.exe
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
S2 XAMPP (XAMPP Service) - c:\xampp\service.exe (file missing)
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>
S4 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
S4 Cerberus FTP Server - c:\program files\cerberus\cerberus.exe -service <Not Verified; Grant Averett; Cerberus FTP Server>
S4 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
S4 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
S4 CyberLink Media Library Service - "c:\program files\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
S4 FileZilla Server (FileZilla Server FTP server) - c:\program files\filezilla server\filezilla server.exe <Not Verified; FileZilla Project; FileZilla Server>
S4 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
S4 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
S4 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
S4 MySQLServer - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysqlserver (file missing)
S4 ZoneEditor - c:\program files\graphite.net\zoneeditor\zoneeditor.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: RT2500 USB Wireless LAN Card
Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Manufacturer: Ralink Technology Corp.
Name: RT2500 USB Wireless LAN Card
PNP Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Service: RT2500USB
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_000716BE&REV_D1\4&1AF1648C&0&08F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_000716BE&REV_D1\4&1AF1648C&0&08F0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_000816BE&REV_D1\4&1AF1648C&0&20F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_1131&DEV_7133&SUBSYS_000816BE&REV_D1\4&1AF1648C&0&20F0
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\4&1AF1648C&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_11C1&DEV_0620&SUBSYS_062011C1&REV_00\4&1AF1648C&0&28F0
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 15:06:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-12 and 2007-11-12 -----------------------------
2007-11-12 16:59:49 0 d-------- C:\Documents and Settings\Kieran\Downloads
2007-11-12 16:59:39 0 d-------- C:\Documents and Settings\Kieran\Application Data\NewsLeecher
2007-11-12 16:59:34 0 d-------- C:\Program Files\NewsLeecher
2007-11-11 17:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-11 17:44:14 0 d-------- C:\Program Files\Yahoo!
2007-11-10 19:42:03 0 d-------- C:\Program Files\Citrix
2007-11-10 19:28:16 356352 --a------ C:\WINDOWS\Lightspeed!.scr <Not Verified; WOLTON; Lightspeed Screen Saver>
2007-11-10 19:28:10 0 d-------- C:\Program Files\Lightspeed Screen Saver
2007-11-09 23:00:01 0 d-------- C:\WINDOWS\system32\VIRepair
2007-11-09 19:45:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2007-11-09 19:45:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2007-11-06 06:06:49 0 d-------- C:\Documents and Settings\TEMP.STUDY\Application Data\Macromedia
2007-11-06 05:51:11 0 d-------- C:\WINDOWS\Mozilla
2007-11-06 05:51:11 0 d-------- C:\Documents and Settings\TEMP.STUDY\Application Data
2007-11-06 05:51:11 0 d-------- C:\Documents and Settings\TEMP.STUDY\Application Data\Mozilla
2007-11-05 18:46:01 0 d-------- C:\Program Files\Install Creator
2007-11-05 06:21:26 0 d-------- C:\Documents and Settings\TEMP.STUDY\Start Menu
2007-11-05 06:21:26 0 dr-h----- C:\Documents and Settings\TEMP.STUDY\Recent
2007-11-05 06:21:26 0 dr------- C:\Documents and Settings\TEMP.STUDY\Favorites
2007-11-05 06:21:26 0 d-------- C:\Documents and Settings\TEMP.STUDY\Desktop
2007-11-05 06:15:15 0 d--h----- C:\Documents and Settings\TEMP.STUDY\Templates
2007-11-05 06:15:15 0 d--h----- C:\Documents and Settings\TEMP.STUDY\Cookies
2007-11-05 06:15:05 0 d--h----- C:\Documents and Settings\TEMP.STUDY\Local Settings
2007-11-05 06:14:58 262144 --ah----- C:\Documents and Settings\TEMP.STUDY\ntuser.dat
2007-11-04 19:23:23 0 d--h----- C:\msdownld.tmp
2007-11-04 17:24:21 0 d-------- C:\Program Files\Hamachi
2007-11-04 16:26:31 0 d-------- C:\Program Files\The Games Factory 2
2007-10-31 03:01:53 438840 -rahs---- C:\bootmgr
2007-10-31 03:01:52 0 d--hs---- C:\Boot
2007-10-31 03:01:26 0 d-------- C:\Program Files\MSXML 6.0
2007-10-30 19:44:18 0 d--hs---- C:\$RECYCLE.BIN
2007-10-30 19:27:18 171136 -rahs--c- C:\grldr
2007-10-29 22:10:45 0 d-------- C:\Program Files\LSoft Technologies
2007-10-29 21:42:47 0 d-------- C:\Program Files\CDBurnerXP
2007-10-26 16:18:52 0 d-------- C:\Documents and Settings\Kieran\Application Data\ViStart
2007-10-26 13:57:22 0 d-------- C:\Program Files\ViOrb
2007-10-26 13:52:10 0 d-------- C:\WINDOWS\system32\VITrans
2007-10-26 13:52:07 111104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-10-26 13:52:07 19968 --a------ C:\WINDOWS\system32\reico.exe <Not Verified; Dead Knight; >
2007-10-26 13:52:07 8636 --a------ C:\WINDOWS\system32\modifype.exe
2007-10-26 13:52:07 0 d-------- C:\VTPFiles
2007-10-26 13:37:52 0 d-------- C:\Program Files\Stardock
2007-10-26 12:53:33 0 d-------- C:\Program Files\Azureus Vuze
2007-10-22 18:55:08 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-22 18:52:49 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-21 19:36:58 0 d-------- C:\Documents and Settings\Alan\Application Data\iLike
2007-10-18 17:13:18 0 d-------- C:\Program Files\RAR Password Cracker
2007-10-17 16:07:12 0 d-------- C:\Documents and Settings\Kieran\Application Data\iLike
2007-10-15 05:14:37 3456 --a------ C:\t1bo
2007-10-13 19:28:55 0 d-------- C:\Program Files\iPod
2007-10-13 19:28:40 0 d-------- C:\Program Files\iTunes
2007-10-12 20:43:22 0 d-------- C:\Program Files\ZX Games
-- Find3M Report ---------------------------------------------------------------
2007-11-12 16:10:51 0 d-------- C:\Program Files\Steam
2007-11-12 00:00:46 0 d-------- C:\Program Files\DynDNS Updater
2007-11-11 09:57:34 0 d-------- C:\Documents and Settings\Kieran\Application Data\Azureus
2007-11-09 19:42:56 0 d-------- C:\Documents and Settings\Kieran\Application Data\Hamachi
2007-11-05 14:03:59 0 d-------- C:\Program Files\TRINITRON CG
2007-11-05 14:03:54 0 d-------- C:\Program Files\Macromedia
2007-11-05 14:03:50 0 d-------- C:\Program Files\Corel
2007-11-04 19:04:51 95664 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-11-04 11:48:03 0 d-------- C:\Program Files\microsoft money 2005
2007-11-04 11:48:03 0 d-------- C:\Program Files\Common Files
2007-11-03 19:15:19 0 d-------- C:\Program Files\mIRC
2007-10-29 18:29:33 0 d-------- C:\Program Files\MagicISO
2007-10-28 12:55:38 13218 --a------ C:\Documents and Settings\Kieran\Application Data\wklnhst.dat
2007-10-26 12:53:25 0 d-------- C:\Program Files\Azureus
2007-10-23 20:30:37 19 --a------ C:\WINDOWS\popcinfo.dat
2007-10-22 18:30:11 0 d-------- C:\Program Files\Valve
2007-10-22 18:27:44 0 d-------- C:\Program Files\Common Files\Stardock
2007-10-22 18:22:57 0 d-------- C:\Program Files\Ares
2007-10-22 18:15:14 0 d-------- C:\Program Files\Web Password Wizard
2007-10-09 09:57:35 0 d-------- C:\Documents and Settings\Kieran\Application Data\WinRAR
2007-10-08 20:38:35 0 d-------- C:\Program Files\Java
2007-10-08 18:25:36 0 d-------- C:\Program Files\OpenPlsInWMP
2007-10-08 17:25:24 0 d-------- C:\Program Files\Windows Live Safety Center
2007-10-08 16:53:30 0 d-------- C:\Program Files\SHOUTcast
2007-10-08 16:51:24 0 d-------- C:\Program Files\NCH Swift Sound
2007-10-08 16:51:24 0 d-------- C:\Documents and Settings\Kieran\Application Data\NCH Swift Sound
2007-10-08 16:17:04 0 d-------- C:\Documents and Settings\Kieran\Application Data\Softplicity
2007-10-08 12:55:57 0 d-------- C:\Documents and Settings\Kieran\Application Data\CoreFTP
2007-10-08 12:01:44 0 d-------- C:\Program Files\FileZilla Server
2007-10-08 11:23:26 0 d-------- C:\Program Files\Virtos
2007-10-06 16:16:56 0 d-------- C:\Documents and Settings\Kieran\Application Data\MySQL
2007-10-05 18:09:51 0 d-------- C:\Program Files\Cucusoft
2007-10-01 18:42:46 0 d-------- C:\Program Files\WinAce
2007-10-01 15:18:41 0 d-------- C:\Program Files\Common Files\i4j_jres
2007-09-30 12:14:34 0 d-------- C:\Program Files\Google
2007-09-29 14:32:20 0 d-------- C:\Program Files\GD MSN Plugin
2007-09-29 14:31:37 0 d-------- C:\Program Files\otron.net
2007-09-29 14:21:22 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-09-28 17:01:45 0 d-------- C:\Program Files\MSN Messenger
2007-09-28 17:01:07 0 d-------- C:\Program Files\Windows Live
2007-09-26 16:32:30 0 d-------- C:\Program Files\Apple Software Update
2007-09-22 12:21:52 6667264 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-22 12:05:41 0 d-------- C:\Program Files\Visual Pinball
2007-09-22 12:02:19 0 d-------- C:\Program Files\WinCustomize
2007-09-17 17:37:19 0 d-------- C:\Program Files\PTC
2007-09-16 21:38:32 0 d-------- C:\Program Files\Windows Media Components
2007-09-15 13:10:30 0 d-------- C:\Program Files\Winamp
2007-09-15 12:02:48 0 d-------- C:\Program Files\Webreceiver
2007-08-20 20:20:30 900 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MedionVFD"="C:\Program Files\Medion Info Display\MdionLCM.exe" [10/11/2005 04:11 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/17/2006 05:29 PM]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [12/04/2005 12:23 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 06:40 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 10:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"AlcFDMonitor"="C:\WINDOWS\ALCFDRTM.EXE" [03/17/2007 12:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [08/16/2007 03:19 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" []
C:\Documents and Settings\Kieran\Start Menu\Programs\Startup\
Legends of Escentia.lnk - E:\Elysium Diamond\Server\Server.exe [11/4/2007 6:23:59 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 03/05/2007 04:36 PM 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cerberus FTP Server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cerberus FTP Server.lnk
backup=C:\WINDOWS\pss\Cerberus FTP Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
C:\WINDOWS\system32\CmUCReye.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX6000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SFF.tmp" /EF "HKLM"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLike]
C:\Program Files\iLike\1.1.13\ilikesidebar.exe /checkforupdate
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
"C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Cerberus FTP Server"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InoTask"=2 (0x2)
"InoRT"=2 (0x2)
"InoRPC"=2 (0x2)
"gusvc"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"UnrealIRCd"=2 (0x2)
"MySQLServer"=2 (0x2)
"FileZilla Server"=2 (0x2)
"AresChatServer"=3 (0x3)
"aawservice"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67257880-685b-11dc-b4ca-000d0bc30364}]
AutoRun\command- O:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2007-11-12 19:31:53 ------------
EXTRA.TXT:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1022.42 MiB / 511.31 MiB
Pagefile Memory (total/avail): 2459.31 MiB / 2032.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.87 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 117.19 GiB total, 19.2 GiB free.
D: is Fixed (NTFS) - 4.65 GiB total, 1.32 GiB free.
E: is Fixed (NTFS) - 48.83 GiB total, 36.97 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
N: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 117.19 GiB - C:
\PARTITION1 - Extended Partition - 4.65 GiB - D:
\PARTITION2 - Installable File System - 48.83 GiB - E:
\\.\PHYSICALDRIVE1 -
\\.\PHYSICALDRIVE2 -
\\.\PHYSICALDRIVE3 -
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: avast! antivirus 4.7.1043 [VPS 071111-1] v4.7.1043 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kieran\Application Data
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STUDY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kieran
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
INOCULAN=C:\PROGRA~1\CA\ETRUST~1
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\STUDY
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\webserver\PHP2\;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\webserver\php;;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\MySQL\MySQL Server 5.0\bin;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;;C:\PROGRA~1\COMMON~1\MUVEET~130625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PHPRC=C:\webserver\PHP2\
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\steam\steamapps\cheeseweasel257167\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kieran\LOCALS~1\Temp
TMP=C:\DOCUME~1\Kieran\LOCALS~1\Temp
USERDOMAIN=STUDY
USERNAME=Kieran
USERPROFILE=C:\Documents and Settings\Kieran
VProject=c:\program files\steam\steamapps\cheeseweasel257167\counter-strike source\cstrike
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
TEMP.STUDY (admin)
Alan (admin)
Adam (admin)
TEMP
Angie (admin)
Kieran (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll,VoilaBarUnInstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Active@ ISO Burner v 1.1 --> "C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG"
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Apache HTTP Server 2.0.59 --> MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\SETUP.EXE" -l0x9
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AviScreen Classic Version 1.3 --> "C:\Program Files\bobyte\AviScreen classic\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus Vuze\uninstall.exe
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Boulder Dash®. Episode I: Dig The Past 1.2.1 --> "C:\Program Files\ZX Games\Boulder Dash. Episode I\unins000.exe"
C-Media USB2.0 Card Reader --> C:\WINDOWS\CmiUCRUninstall.exe C:\Program Files\C-Media USB2.0 Card Reader
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
Cerberus FTP Server --> MsiExec.exe /I{CA89DE98-57DC-4EE9-9732-4D595F63EA41}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Debugging Tools for Windows --> MsiExec.exe /I{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}
Deliverance --> C:\WINDOWS\unvise32.exe C:\Sierra\Half-Life\deliver\uninstal.log
DRS 2006 Webreceiver --> MsiExec.exe /X{F8E0D18F-37CD-4DE7-B4EE-69B08126A65B}
Dungeon Keeper 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Bullfrog\Dungeon Keeper 2\Uninst.isu" -c"C:\Program Files\Bullfrog\Dungeon Keeper 2\uninst.dll"
DynDNS Updater 3.1 --> "C:\Program Files\DynDNS Updater\unins000.exe"
ElectroServer 3.7.3 --> C:\webserver\ElectroServer 3\ElectroServer 3\uninstall.exe
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESDX6000_CX5900 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESDX6000_CX5900\USE_G\DOCUNINS.EXE
FileZilla Server (remove only) --> "C:\Program Files\FileZilla Server\uninstall.exe"
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
GaitoBot AIML Editor --> rundll32.exe dfshim.dll,ShArpMaintain GaitoBotEditor.application, Culture=en-GB, PublicKeyToken=19e9c7007e028c26, processorArchitecture=msil
GD MSN Plugin --> MsiExec.exe /X{4587F771-E379-411B-AD82-B2D553938743}
Geometry Wars --> "C:\Program Files\Steam\steam.exe" steam://uninstall/8400
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop MSN Plugin --> MsiExec.exe /I{DC33D3D7-E641-4F17-A562-D572A1FD579B}
Google Desktop Plugin - Outlook Tasks --> MsiExec.exe /X{67699C16-D843-40EA-B296-0C7998CB428E}
Google Desktop Plugins - Workspaces --> MsiExec.exe /I{05ACE89B-B7D7-43DC-A3EF-E82F0E92BD9D}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoogleTalk Sidebar Conference --> MsiExec.exe /I{BCBEB840-D76E-4F7B-94C4-A6AABAC75490}
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Half-Life --> C:\sierra\HALF-L~1\UNWISE.EXE C:\sierra\HALF-L~1\INSTALL.LOG
Hamachi 1.0.2.3 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iLike Sidebar --> MsiExec.exe /X{7B394AAA-6E2D-4850-9C0E-7A127F763CF7}
Insaniquarium Deluxe --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3320
Install Creator --> C:\Program Files\Install Creator\Uninstal.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java(tm) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.4 (build 0247) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Medion Info Display --> C:\WINDOWS\UnInst32.exe VFDUtil.uni
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money --> c:\program files\microsoft money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP G:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicnotes Player V1.23.1 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
MySQL Server 5.0 --> MsiExec.exe /I{1944C6DC-0F0C-472A-8D0F-047297EE7B0A}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
NewsLeecher v3.8 Final --> "C:\Program Files\NewsLeecher\unins000.exe"
Norton Security Scan --> MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A}
Norton™ Security Scan --> MsiExec.exe /I{666CF041-77BE-414E-9A9D-0A227E9B48F8}
NoteWorthy Player --> C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PHOENIX DRIVE --> C:\WINDOWS\eiunin21.exe "C:\Program Files\TRINITRON CG\PHOENIX DRIVE\install.DAT"
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerCinema --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PTC ProDESKTOP 8.0 --> MsiExec.exe /I{A4C4EAEC-5751-11D6-8E4E-009027AA4188}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x9 -removeonly
SC Ver 2.62 --> "C:\Program Files\SC\unins000.exe"
SCXML 1.4.2 --> C:\Program Files\SCXML\uninst.exe
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
Sibelius Scorch Plugin --> "C:\Program Files\Musicnotes\uninstsc.exe"
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Sonic & Knuckles Killer ! --> C:\WINDOWS\SKUNINST.EXE C:\WINDOWS\Sonic3K.INI
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Team Fortress Classic --> "C:\program files\steam\steam.exe" steam://uninstall/20
The Games Factory 2 Demo --> C:\Program Files\The Games Factory 2\UninstTGF2.exe
videon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x9
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{7BC43F11-02C8-45FA-ABDC-E2F9FF31F825}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{7A2B077D-D7AC-4215-B0FB-5EA581E549E6}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(tm) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneEditor --> MsiExec.exe /I{7ABD52E5-7E33-493A-8139-AF3EA3629A6A}
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\setup.exe" -l0x9
-- Application Event Log --