Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.
Trojan Issue
-
17-03-2008 11:09am#1Right, I've the same problem as this person: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t134283.html, thank you WhiteWashMan.
live.messenger.com in C:\Windows is hidden using a rootkit or similar and I'm having a bitch of a time removing it. I've used MSNCleaner on it (after killing the process, safe mode etc) reports it deleted but it reappears on reboot and starts trying to contact c.milan-fans.com again and trying to download more crap onto this machine (it's some remote IRC thing and I've had to remove stuff from Vundo to DirectX viruses). I got a firewall working (PCTools) and it doesn't seem to be causing the same issue as Comodo was with permissions (well, it hasn't reappeared, hopefully this will stay the case) so as is the file can't talk to daddy so no new malware is popping up but I'd prefer to be rid of it. Just having it blocked from talking to the outside world is more of a band-aid than a solution.
Anyone feeling like helping me get rid of this thing? I'm not a techie, and I think I'm out of my depth.0
Comments
-
-
-
Heya, while I am new to this community. Decided to help you out on this issue a bit. There are a few files that are sticking out like a sore thumb on that list.Is there any other scans I need to run for you guys?
Remove the following files:
C:\WINDOWS\live.messenger.com
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe - not sure about this one. Never had that line on ANY of my computers.
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s - The file is likely to be a dynamic file. It might have another file name or multiple files dropped in this directory.
Also, I recommend removing all active AV's except for one. Multiple AV's tend to have a nice fight sometimes on scanned files in real time or scanned by another AV. If anything, try nod32 or kaspersky's 30day trial and run a custom scan with all of either programs features max'd out. Norton doesn't get much, same with Avast in my experience.
In addition, start - run - msconfig - go to startup, uncheck all the checkboxes for now. It might give you a minor lead over the virii. Nod32, if you use that [what I use] it will most likely request to rescan on restart to rid of additional unwanted junk.
Lastly, as a side note, you have quite a bit of additional objects showing via the HiJackThis log. Which can slow down your browser.
As a side note, if you have the original virus / exe whatever the file is, could you possibly email it to me [bctrainers at gmail com]? I can sand box it to help diagnose your issue further in depth. As removing files may not fully rid of this virus. The virus that you have, like you stated is indeed an IRC backdoor trojan which can DDoS, port scan, download, tack on more viruses and so forth. The list goes on on what it can most likely do.0 -
-
-
Advertisement
-
Main.txt:
Deckard's System Scanner v20071014.68
Run by Padraig O'Sullivan on 2008-03-17 22:28:24
Computer is in Normal Mode.
-- System Restore
Failed to create restore point; System Restore is disabled (service is not running).
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Padraig O'Sullivan.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\iTunes\iTunesHelper.exe
F:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Padraig O'Sullivan\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Padraig O'Sullivan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,\userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04153C3A-0DC2-4489-A02B-CD3FF45518EF} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2547F1B6-45DB-4ADE-83C7-614D51F85E57} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {53B138C6-F680-44AE-80F4-901EAE59F3E8} - (no file)
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27} - (no file)
O2 - BHO: (no name) - {E0BB14A3-0790-4661-9DE8-963CE28DBAE9} - (no file)
O2 - BHO: (no name) - {E4069669-7977-49CB-B77E-1EA528FC66F5} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: (no name) - {FF181F9F-1853-487C-A0BB-1FD18C30C5B7} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [BMb31536dd] Rundll32.exe "C:\WINDOWS\system32\lkglvyek.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Paddy Power Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\PADDYP~1\client.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147392805406
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: tuvvtst - tuvvtst.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 10855 bytes
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV79 - c:\windows\system32\drivers\sshdrv79.sys <Not Verified; ; ProtectCD>
R3 catchme - c:\docume~1\padrai~1\locals~1\temp\catchme.sys (file missing)
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
S1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
S3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys (file missing)
S3 ATIAVAIW (ATI T200 Unified AVStream service) - c:\windows\system32\drivers\atinavt2.sys <Not Verified; ATI Technologies Inc.; ATI AVStream>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 EPScanMemory - c:\program files\epox\eptp\scanmemory32.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VPROEVENTMONITOR - c:\windows\system32\drivers\vproeventmonitor.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
-- Device Manager: Disabled
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF3705C9
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF3705C9
Service: RTLWUSB
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Device
Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_82771043&REV_02\3&11583659&0&D8
Manufacturer:
Name: PCI Device
PNP Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_82771043&REV_02\3&11583659&0&D8
Service:
-- Scheduled Tasks
2008-03-16 22:40:24 284 --a
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-08-12 18:39:18 368 --a
C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1147371198.job
-- Files created between 2008-02-17 and 2008-03-17
2008-03-17 22:01:39 0 d
C:\WINDOWS\ERUNT
2008-03-16 22:04:57 0 d
C:\MSNCleaner
2008-03-16 21:28:53 0 d
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-16 21:28:04 0 d
C:\Program Files\SUPERAntiSpyware
2008-03-16 21:28:04 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\SUPERAntiSpyware.com
2008-03-16 20:38:57 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\PCToolsFirewallPlus
2008-03-16 20:35:35 93440 --a
C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-03-16 20:35:33 0 d
C:\Program Files\Common Files\PC Tools
2008-03-16 20:35:32 0 d
C:\Program Files\PC Tools Firewall Plus
2008-03-16 19:58:05 0 d
C:\Program Files\ZoneAlarmSB
2008-03-16 19:55:45 0 d
C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-16 19:55:21 11264 --a
C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-03-16 19:54:46 0 d
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 19:54:40 0 d
C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 19:54:30 0 d
C:\WINDOWS\system32\ZoneLabs
2008-03-15 23:07:18 0 d
C:\Documents and Settings\Administrator\Application Data\Comodo
2008-03-15 23:03:39 0 d
C:\Program Files\Sage
2008-03-15 11:43:01 0 d
C:\Program Files\Trend Micro
2008-03-14 23:31:09 36352 --a
C:\WINDOWS\system32\tuvstsr.dll
2008-03-14 21:31:18 96832 --a
C:\WINDOWS\system32\lkglvyek.dll
2008-03-14 21:10:02 36352 --a
C:\WINDOWS\system32\tuvsqqr.dll
2008-03-14 13:31:16 39424 --a
C:\WINDOWS\system32\hgggdec.dll
2008-03-14 13:21:54 90688 --a
C:\WINDOWS\system32\uogfsjua.dll
2008-03-14 13:21:02 168301 --ahs---- C:\WINDOWS\system32\uttss.ini2
2008-03-14 12:40:05 36352 --a
C:\WINDOWS\system32\ljjigda.dll
2008-03-14 12:33:20 90688 --a
C:\WINDOWS\system32\dnyvahhv.dll
2008-03-14 12:33:18 36352 --a
C:\WINDOWS\system32\byxuuus.dll
2008-03-13 23:47:30 0 d
C:\WINDOWS\Prefetch
2008-03-13 23:14:41 0 d
C:\Documents and Settings\Default User\Application Data\DivX
2008-03-13 21:58:19 68096 --a
C:\WINDOWS\system32\zip.exe
2008-03-13 21:58:19 98816 --a
C:\WINDOWS\system32\sed.exe
2008-03-13 21:58:19 80412 --a
C:\WINDOWS\system32\grep.exe
2008-03-13 21:58:19 73728 --a
C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-13 21:58:16 53248 --a
C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-11 19:43:38 0 d
C:\VundoFix Backups
2008-02-29 23:40:12 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Ventrilo
2008-02-29 23:38:28 0 d
C:\Program Files\Ventrilo
2008-02-26 15:22:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 15:22:43 0 d
C:\Program Files\Windows Live
2008-02-26 15:22:31 0 d
C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-17 16:38:16 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Winamp
-- Find3M Report
2008-03-16 21:27:27 0 d
C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 20:35:33 0 d
C:\Program Files\Common Files
2008-03-16 19:58:06 4212 ---h
C:\WINDOWS\system32\zllictbl.dat
2008-03-16 14:11:32 0 d
C:\Program Files\Semagic
2008-03-15 23:19:11 0 d
C:\Program Files\Comodo
2008-03-15 11:46:52 0 d
C:\Program Files\Opera
2008-03-14 13:25:01 0 d
C:\Program Files\Java
2008-03-14 12:02:06 409600 --a
C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-14 12:02:05 114688 --a
C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-03-13 23:42:09 0 d
C:\Program Files\Movie Maker
2008-03-13 23:42:04 0 d
C:\Program Files\Windows NT
2008-03-13 23:28:12 0 d--h
C:\Program Files\WindowsUpdate
2008-03-13 23:13:09 23348 --a
C:\WINDOWS\system32\emptyregdb.dat
2008-02-22 05:49:48 8974 --a
C:\WINDOWS\mozver.dat
2008-02-14 20:24:38 0 d
C:\Program Files\Stardock
2008-02-08 13:33:30 0 d
C:\Program Files\Common Files\Adobe
2008-01-29 04:35:31 121442 --a
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Cosmos Prefs
2008-01-28 22:40:40 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Bioshock
2008-01-28 19:00:53 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\uTorrent
2008-01-28 18:58:41 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Azureus
2008-01-24 15:44:49 0 d
C:\Program Files\Sony
2008-01-24 15:44:49 0 d--h
C:\Program Files\InstallShield Installation Information
2008-01-24 15:42:27 0 d
C:\Program Files\Common Files\Sony Shared
2008-01-24 15:42:27 0 d
C:\Documents and Settings\Padraig O'Sullivan\Application Data\Sony Corporation
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04153C3A-0DC2-4489-A02B-CD3FF45518EF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2547F1B6-45DB-4ADE-83C7-614D51F85E57}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
04/10/2007 20:06 1135968 --a
C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B138C6-F680-44AE-80F4-901EAE59F3E8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B8A2E4-0C24-4DC0-A60A-C5B3DC374B27}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0BB14A3-0790-4661-9DE8-963CE28DBAE9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4069669-7977-49CB-B77E-1EA528FC66F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
16/03/2008 19:58 262144 --a
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF181F9F-1853-487C-A0BB-1FD18C30C5B7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 20:06 1135968]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [16/03/2008 19:58 262144]
[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 13:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"iTunesHelper"="F:\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"WinampAgent"="F:\Program Files\Winamp\winampa.exe" [15/01/2008 22:54]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [11/05/2007 02:08]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 C:\WINDOWS\system32\Ctxfihlp.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [25/02/2008 16:49]
"BMb31536dd"="C:\WINDOWS\system32\lkglvyek.dll" [14/03/2008 21:31]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
C:\Documents and Settings\Padraig O'Sullivan\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [21/07/2007 02:17:11]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
ddcdedc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvtst]
tuvvtst.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk
backup=C:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE
-- End of Deckard's System Scanner: finished at 2008-03-17 22:32:16
extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3327.04 MiB / 2818.9 MiB
Pagefile Memory (total/avail): 7257.09 MiB / 6892.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.09 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 97.65 GiB total, 15.93 GiB free.
is Fixed (NTFS) - 97.66 GiB total, 18.34 GiB free.
E: is CDROM (UDF)
F: is Fixed (NTFS) - 117.19 GiB total, 46.41 GiB free.
\\.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended Partition - 26.11 GiB
\\.\PHYSICALDRIVE1 - WDC WD3200KS-75PFB0 - 298.09 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 298.09 GiB - - F:
-- Security Center
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FW: PC Tools Firewall Plus v3.0.0 (PC Tools)
FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.7.1098 [VPS 080317-0] v4.7.1098 (ALWIL Software) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"="D:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\\Poker\\Paddy Power Poker\\casino.exe"="C:\\Poker\\Paddy Power Poker\\casino.exe:*:Enabled:Paddy Power Poker"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Padraig O'Sullivan\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="D:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="D:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"="C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"F:\\iTunes\\iTunes.exe"="F:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\LeechGet 2006\\LeechGet.exe"="C:\\Program Files\\LeechGet 2006\\LeechGet.exe:*:Enabled:LeechGet Download Manager"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"="F:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe:*:Enabled:Empire Earth III"
"C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"="C:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe:*:Enabled:Sacred"
"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"="C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="D:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\EVEMon\\EVEMon.exe"="C:\\Program Files\\EVEMon\\EVEMon.exe:*:Enabled:EVEMon"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Padraig O'Sullivan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PADRAIGPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Padraig O'Sullivan
LOGONSERVER=\\PADRAIGPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\VDMSound;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PADRAI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PADRAI~1\LOCALS~1\Temp
USERDOMAIN=PADRAIGPC
USERNAME=Padraig O'Sullivan
USERPROFILE=C:\Documents and Settings\Padraig O'Sullivan
VDMSPath=C:\Program Files\VDMSound
windir=C:\WINDOWS
-- User Profiles
Padraig O'Sullivan (admin)
Síle Ní Mhurchu (admin)
Administrator (admin)
Guest (guest)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> Dummy
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acoustica MP3 To Wave Converter PLUS --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
Auctioneer AddOns -->\World of Warcraft\Auctioneer Uninstaller.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battle for Wesnoth 1.3.3 --> "D:\Program Files\Wesnoth\unins000.exe"
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP830 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}\DelDrv.exe" /U:{0D25F7CC-B99C-44ee-9945-B14532B2BB7B} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Capitalism II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF581945-BBE9-11D5-A7FE-50275FC10000}\setup.exe" -uninst
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint --> "C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Company of Heroes --> "D:\Program Files\THQ\Company of Heroes\\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
CONNECT Auto Update --> C:\Program Files\Sony\CONNECTAutoUpdate\Uninstall.exe
CONNECT Player --> MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}
CONNECT Player Language Pack --> MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dawn Of War --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Encyclopaedia Britannica 2005 Ultimate Reference Suite DVD --> "C:\Program Files\Britannica 2005\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica 2005 Ultimate Reference Suite DVD.exe"
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Eve Market Scanner --> MsiExec.exe /I{35D8F4EF-12F9-4217-AD18-709EFF635B47}
EVEMon --> C:\Program Files\EVEMon\uninstall.exe
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Galactic Civilizations II -->\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE \PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTime+ --> MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
gretl version 1.7.0 --> "C:\Program Files\gretl\unins000.exe"
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp psc 2100 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 2100 series
Immortal Cities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E05B1C38-AE31-4146-8D47-E5E71BEB8D9E} /l1033
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
LeechGet 2006 Version 2.0 --> "C:\Program Files\LeechGet 2006\unins000.exe"
LeechGet 2007 Version 2.1 --> "C:\Program Files\LeechGet 2007\unins000.exe"
LeechGet Opera/Mozilla/Netscape Plug-In --> C:\WINDOWS\unins001.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Americas --> C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia --> C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades --> C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic --> C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Miranda IM --> C:\Program Files\Miranda IM\uninstall.exe
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mood Tracking Diary --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22643D33-9BEA-4E71-BEF3-7E60908E0DA8}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.0.2) --> C:\WINDOWS\UninstallThunderbird.exe /ua "1.0.2 (en)"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NavBot --> rundll32.exe dfshim.dll,ShArpMaintain NavBot.application, Culture=neutral, PublicKeyToken=145affb9fd4e8010, processorArchitecture=msil
Navini Diagnostics --> "C:\Program Files\NavDiag\Uninstall\Uninstall NavDiag.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetworkAddonMod Beta Version 2005.09.30 --> C:\Documents and Settings\Padraig O'Sullivan\My Documents\SimCity 4\Plugins\NetworkAddonMod\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\System32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenMG Limited Patch 4.7-07-14-05-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Paddy Power Poker --> "C:\Poker\Paddy Power Poker\_SetupPoker.exe" /uninstall
PATRICIAN II --> "C:\Program Files\PATRICIAN II\unins000.exe"
Patrician III --> "C:\Program Files\Patrician III\unins000.exe"
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PC Tools Firewall Plus 3.0 --> "C:\Program Files\PC Tools Firewall Plus\unins000.exe"
PCMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Poker Tracker Version 2.05.08 --> "C:\Program Files\Poker Tracker V2\unins000.exe"
PokerAce Hud (remove only) --> "C:\Program Files\PokerAce Hud\uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager 7.15.11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\SETUP.EXE" -l0x9 anything
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.2 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Rise Of Legends --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
River Past Audio Converter --> C:\WINDOWS\Audio Converter Uninstaller.exe
Rome - Total War - Alexander --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x9 -removeonly
Rome - Total War - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
Sacred --> "C:\Program Files\Ascaron Entertainment\Sacred\unins000.exe"
Sage Instant Accounts V11.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0ED61325-8B7A-4816-B5A5-E2FF59C75F4B}
Sage MIS 3.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Informer50\Uninst.isu"
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Semagic (remove only) --> "C:\Program Files\Semagic\uninstall.exe"
SimCity 4 Deluxe -->\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Smart PC v. 3.0 --> "D:\Program Files\Smart PC\unins000.exe"
SmartUSB56 Voice Modem --> C:\WINDOWS\Modio\SLUSB2KV\Setup.exe /Remove
SOED --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F91D702D-3DB1-11D3-B3A9-0020185257C4}\setup.exe" -uninst
SonicStage 4.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SopCore 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Stainless Steel 3.2 Stand-Alone -->\Program Files\SEGA\Medieval II Total War\Uninstal.exe
Stardock Central -->\PROGRA~1\Stardock\TOTALG~1\GalCiv2\SDCENT~1\UNWISE.EXE \PROGRA~1\Stardock\TOTALG~1\GalCiv2\SDCENT~1\INSTALL.LOG
Stata 10 --> MsiExec.exe /X{6395D480-9F3B-4930-8204-B91C8882F967}
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperPower 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Supreme Commander - Forged Alliance --> C:\Program Files\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.70 --> "D:\Program Files\Codemasters\The Lord of the Rings Online\unins000.exe"
THE SETTLERS - Rise of an Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Settlers II - 10th Anniversary --> "D:\Program Files\Ubisoft\Funatics\The Settlers II - 10th Anniversary\uninstall.exe"
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
UFO Afterlight --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47AF4245-CD81-4353-BFC0-0A21A6EF483A}\setup.exe" -l0x9
VDMSound --> C:\Program Files\VDMSound\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xiph QuickTime Components --> "C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
-- Application Event Log
Event Record #/Type30034 / Error
Event Submitted/Written: 03/16/2008 10:04:12 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type30026 / Success
Event Submitted/Written: 03/16/2008 08:43:58 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type30007 / Success
Event Submitted/Written: 03/16/2008 07:22:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type29993 / Success
Event Submitted/Written: 03/15/2008 11:47:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type29973 / Error
Event Submitted/Written: 03/15/2008 11:04:07 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application cmdagent.exe, version 2.4.0.19, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [cmdagent.exe!ws!]
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type73144 / Warning
Event Submitted/Written: 03/17/2008 10:32:10 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73143 / Warning
Event Submitted/Written: 03/17/2008 10:31:59 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73142 / Warning
Event Submitted/Written: 03/17/2008 10:31:58 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
Event Record #/Type73140 / Error
Event Submitted/Written: 03/17/2008 10:31:17 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.
Event Record #/Type73137 / Warning
Event Submitted/Written: 03/17/2008 10:29:44 PM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.
-- End of Deckard's System Scanner: finished at 2008-03-17 22:32:16
0 -
-
-
-
-
Advertisement
-
-
-
-
Advertisement