Infected With Something Nasty



#1 Zharay


Posted 13 April 2008 - 08:23 PM

Ran a program today that was infected with a virus. At first it wouldn't allow my computer to leave explorer open for a few seconds before closing it automatically, now it kills the process completely, leaving me without a desktop. Running explorer.exe again only has it close a few seconds later. Other quirks are that my install of NOD32 seems to be messed around with, as the design isn't present, buttons are black, and text doesn't fully refresh unless I move the window off screen (only program to do this).

I stupidly ran combofix after a friend's suggestion and it crapped my computer (gave blue screens while loading windows), but I managed to save myself with a system restore point (restored back to combofix's restore point).

I can't seem to figure out what kind of infection I have. S&D showed hints of Virtumonde but VundoFix and VirtumundoBegone found nothing (at least anything extra).

Deckard's System Scanner v20071014.68
Run by Killzone on 2008-04-13 17:22:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-04-13 22:42:46 UTC - RP480 - ComboFix created restore point
1: 2008-04-13 18:05:13 UTC - RP479 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.

System Drive G: has 21.32 GiB (less than 15%) free.


-- HijackThis (run as Killzone.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25, on 2008-04-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
G:\Windows\system32\taskeng.exe
G:\Windows\system32\Dwm.exe
G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
G:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
G:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
G:\Program Files\Microsoft IntelliPoint\ipoint.exe
G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
G:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
G:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
G:\Windows\System32\CTHELPER.EXE
G:\Windows\System32\CTXFIHLP.EXE
G:\Program Files\Windows Live\Messenger\msnmsgr.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Steam\Steam.exe
G:\Program Files\DAEMON Tools Pro\DTProAgent.exe
G:\Windows\System32\CTXFISPI.EXE
G:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Windows\system32\rundll32.exe
G:\Program Files\Azureus\Azureus.exe
G:\Windows\System32\rundll32.exe
G:\Windows\system32\Taskmgr.exe
G:\Users\Killzone\Desktop\dss.exe
G:\Windows\system32\conime.exe
G:\PROGRA~1\TRENDM~1\HIJACK~1\Killzone.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E4EF8443-F0F9-444F-8D47-AC687FC1EB4D} - G:\Windows\system32\efcbYsts.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - G:\Program Files\ATLAS V13\ATLIECP.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - G:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] -G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] -"G:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] -"G:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Windows Defender] -
O4 - HKLM\..\Run: [egui] "G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "G:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "G:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IntelliPoint] "G:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] -"G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe G:\Windows\system32\fccdccBT.dll,#1
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "G:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Translate with ATLAS - G:\Program Files\ATLAS V13\Atlscript.html
O8 - Extra context menu item: Append to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ATLAS Translation &Editor - G:\Program Files\ATLAS V13\AtlscriptEdit.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Sothink SWF Catcher - G:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - G:\Program Files\ATLAS V13\Atlscript.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - G:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - G:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - G:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - G:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - G:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - G:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - -"G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - G:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"G:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
O23 - Service: PnkBstrA - Unknown owner - G:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Program Files\WinPcap\rpcapd.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe

--
End of file - 11613 bytes

-- HijackThis Fixed Entries (G:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071207-210001-379 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071207-210001-429 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
backup-20071220-021849-156 O1 - Hosts: 66.207.165.186 cgi.4chan.org
backup-20071220-021849-159 O1 - Hosts: 66.207.165.165 ns2.4chan.org
backup-20071220-021849-193 O1 - Hosts: 66.207.165.166 www.4chan.org
backup-20071220-021849-211 O1 - Hosts: 66.207.165.167 content.4chan.org
backup-20071220-021849-247 O1 - Hosts: 66.207.165.182 dat.4chan.org
backup-20071220-021849-262 O1 - Hosts: 66.207.165.178 dis.4chan.org
backup-20071220-021849-299 O1 - Hosts: 66.207.165.168 orz.4chan.org
backup-20071220-021849-503 O1 - Hosts: 66.207.165.181 img.4chan.org
backup-20071220-021849-504 O1 - Hosts: 66.207.165.177 bin.4chan.org
backup-20071220-021849-532 O1 - Hosts: 216.213.88.50 ns3.4chan.org
backup-20071220-021849-711 O1 - Hosts: 206.220.140.2 ns1.4chan.org
backup-20071220-021849-715 O1 - Hosts: 66.207.165.176 zip.4chan.org
backup-20071220-021849-761 O1 - Hosts: 66.207.165.171 rs.4chan.org
backup-20071220-021849-775 O1 - Hosts: 66.207.165.172 static.4chan.org
backup-20071220-021849-894 O1 - Hosts: 66.207.165.169 tmp.4chan.org
backup-20071220-143028-642 O1 - Hosts: 66.207.165.187 nov.4chan.org
backup-20071224-171600-525 O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20071224-171600-746 O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20071224-171600-766 O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20071224-171600-921 O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
backup-20071225-034015-301 O4 - HKCU\..\Run: [igndlm.exe] G:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
backup-20071225-034015-325 O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20071225-034015-405 O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20071225-034015-430 O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20071225-034015-726 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
backup-20071225-034015-774 O4 - HKLM\..\Run: [Adobe_ID0EYTHM] G:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
backup-20071225-034015-963 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071231-012549-267 O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
backup-20071231-012549-504 O8 - Extra context menu item: Convert selected links to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20071231-012549-553 O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20071231-012549-578 O8 - Extra context menu item: Convert link target to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20071231-012549-849 O8 - Extra context menu item: Convert selection to existing PDF - res://G:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080207-135141-989 O4 - HKCU\..\RunOnce: [Config] G:\Program Files\Common Files\System\RegServ32.exe
backup-20080215-003734-243 O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - -G:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
backup-20080215-003734-359 O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - -"G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" (file missing)
backup-20080215-003734-364 O23 - Service: NMIndexingService - Unknown owner - -"G:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe" (file missing)
backup-20080215-003734-378 O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"G:\Program Files\Windows Live\Messenger\usnsvc.exe" (file missing)
backup-20080215-003734-495 O23 - Service: LVSrvLauncher - Unknown owner - -G:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (file missing)
backup-20080215-003734-562 O23 - Service: nTune Service (nTuneService) - Unknown owner - -G:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
backup-20080215-003734-584 O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - -G:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
backup-20080215-003734-585 O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - -"G:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (file missing)
backup-20080215-003734-594 O23 - Service: Apple Mobile Device - Unknown owner - -"G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (file missing)
backup-20080215-003734-651 O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - -"G:\Program Files\Windows Live\installer\WLSetupSvc.exe" (file missing)
backup-20080215-003734-655 O23 - Service: LVCOMSer - Unknown owner - -"G:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" (file missing)
backup-20080215-003734-672 O23 - Service: nHancer Support (nHancer) - Unknown owner - -"G:\Program Files\nHancer\nHancerService.exe" (file missing)
backup-20080215-003734-797 O23 - Service: Steam Client Service - Unknown owner - -G:\Program Files\Common Files\Steam\SteamService.exe (file missing)
backup-20080215-003734-810 O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
backup-20080215-003734-895 O23 - Service: iPod Service - Unknown owner - -"G:\Program Files\iPod\bin\iPodService.exe" (file missing)
backup-20080215-003734-992 O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"G:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (file missing)
backup-20080221-023933-167 O4 - HKLM\..\RunServices: [Microsoft Update Machine] uxrzdj.exe
backup-20080221-023933-402 O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] G:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
backup-20080221-023933-562 O4 - HKCU\..\Run: [Microsoft Update Machine] uxrzdj.exe
backup-20080221-023933-652 O4 - HKLM\..\Run: [Microsoft Update Machine] uxrzdj.exe
backup-20080221-023933-907 O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] G:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
backup-20080221-023933-922 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080322-145525-105 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - G:\Program Files\WinPcap\rpcapd.exe
backup-20080322-145525-304 O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
backup-20080322-145525-710 O4 - HKCU\..\Run: [Pinnacle Game Profiler] "G:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
backup-20080322-145525-793 O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - G:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\g:\program files\superantispyware\sasdifsv.sys
R1 SCDEmu - g:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 NVR0Dev - \??\g:\windows\nvoclock.sys

S3 pgfilter - \??\g:\program files\peerguardian2\pgfilter.sys
S4 zeqbqwp - \??\g:\windows\zeqbqwp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - g:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>
R2 nTuneService (nTune Service) - g:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R3 FLEXnet Licensing Service - "g:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 LVPrcSrv (Process Monitor) - -"g:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe" (file missing)
S2 XAMPP (XAMPP Service) - c:\program files\xampp\service.exe
S3 Creative ALchemy AL1 Licensing Service - "g:\program files\common files\creative labs shared\service\al1licensing.exe" <Not Verified; Creative Labs; Creative ALchemy AL1 Licensing Service>
S3 IDriverT (InstallDriver Table Manager) - -"g:\program files\common files\installshield\driver\11\intel 32\idrivert.exe" (file missing)
S3 odserv (Microsoft Office Diagnostics Service) - -"g:\program files\common files\microsoft shared\office12\odserv.exe" (file missing)
S4 Apple Mobile Device - "g:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Bonjour Service - "g:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 LVCOMSer - -"g:\program files\common files\logishrd\lvcomser\lvcomser.exe" (file missing)
S4 LVSrvLauncher - -g:\program files\common files\logishrd\srvlnch\srvlnch.exe (file missing)
S4 Nero BackItUp Scheduler 3 - -g:\program files\nero\nero8\nero backitup\nbservice.exe (file missing)
S4 nHancer (nHancer Support) - -"g:\program files\nhancer\nhancerservice.exe" (file missing)
S4 NMIndexingService - -"g:\program files\common files\nero\lib\nmindexingservice.exe" (file missing)
S4 Routing (Routing Service) - g:\windows\system32\routing.exe (file missing)
S4 StarWindServiceAE (StarWind AE Service) - -g:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe (file missing)
S4 Steam Client Service - -g:\program files\common files\steam\steamservice.exe /runasservice (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\3&2411E6FE&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\3&2411E6FE&0
Service: i8042prt

Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel Devices
Device ID: ROOT\SIDESHOW\0000
Manufacturer: Logitech Inc
Name: Logitech GamePanel Devices
PNP Device ID: ROOT\SIDESHOW\0000
Service: WUDFRd


-- Files created between 2008-03-13 and 2008-04-13 -----------------------------

2008-04-13 16:14:35 0 d-------- G:\VundoFix Backups
2008-04-13 16:08:34 9360 --ahs---- G:\Windows\system32\stsYbcfe.ini2
2008-04-13 16:08:30 272896 -----n--- G:\Windows\system32\efcbYsts.dll
2008-04-13 16:03:17 36352 --a------ G:\Windows\system32\fccdccBT.dll
2008-04-13 15:42:26 68096 --a------ G:\Windows\zip.exe
2008-04-13 15:42:26 49152 --a------ G:\Windows\VFind.exe
2008-04-13 15:42:26 212480 --a------ G:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-13 15:42:26 136704 --a------ G:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-13 15:42:26 161792 --a------ G:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-13 15:42:26 98816 --a------ G:\Windows\sed.exe
2008-04-13 15:42:26 80412 --a------ G:\Windows\grep.exe
2008-04-13 15:42:26 73728 --a------ G:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-13 10:58:20 7773 --ahs---- G:\Windows\system32\gQBIkUvw.ini2
2008-04-13 10:25:13 36352 --a------ G:\Windows\system32\byXOFvvT.dll
2008-04-13 10:24:56 55218 --a------ G:\Windows\zeqbqwp.sys
2008-04-13 10:24:44 36352 --a------ G:\Windows\system32\qomNddAT.dll
2008-04-09 19:33:29 0 d-------- G:\Program Files\FlashGet
2008-04-09 17:13:39 0 d-------- G:\Program Files\Ubisoft
2008-04-08 11:27:14 53248 -----n--- G:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative Product Registration>
2008-04-08 11:27:08 0 d-------- G:\Program Files\Common Files\Creative Labs Shared
2008-04-08 11:18:29 413696 --a------ G:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-08 11:16:27 0 d-------- G:\Windows\system32\Data
2008-04-08 11:16:27 3072 --a------ G:\Windows\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-04-08 11:16:26 69120 --a------ G:\Windows\system32\CmdRtr.DLL
2008-04-08 11:16:26 108544 --a------ G:\Windows\system32\APOMngr.DLL
2008-04-08 11:16:24 0 d-------- G:\Program Files\Creative
2008-04-07 23:46:34 0 d-------- G:\Program Files\Bootfighter Windom XP sp-2.NET
2008-04-03 22:14:46 0 d-------- G:\Windows\nvtmpinst
2008-04-03 13:09:44 0 d-------- G:\Program Files\Veoh Networks
2008-04-03 13:08:21 0 d-------- G:\Windows\Downloaded Installations
2008-04-01 11:11:55 43520 --a------ G:\Windows\system32\CmdLineExt03.dll
2008-04-01 11:02:26 0 d-------- G:\Program Files\CAPCOM
2008-04-01 00:52:02 0 d-------- G:\Program Files\GNU
2008-03-25 16:12:27 151552 --a------ G:\Windows\system32\nvRegDev.dll
2008-03-22 14:53:42 0 d-------- G:\Program Files\MegauploadToolbar
2008-03-22 14:53:24 0 d-------- G:\Program Files\Megaupload
2008-03-21 23:43:33 1227264 --a------ G:\Windows\system32\dx8vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-21 23:42:43 123664 --a------ G:\Windows\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 23:42:42 24848 --a------ G:\Windows\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 23:42:42 1050896 --a------ G:\Windows\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 23:42:39 570128 --a------ G:\Windows\system32\dao350.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-03-21 16:22:21 0 d-------- G:\Program Files\Sanny Builder 3
2008-03-21 00:35:04 53248 -----n--- G:\Windows\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-03-21 00:35:04 40960 --a------ G:\Windows\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-03-21 00:35:04 94208 -r--s---- G:\Windows\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
2008-03-21 00:35:04 619008 --a------ G:\Windows\system32\dx7vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-21 00:35:04 57344 -----n--- G:\Windows\system32\ADsSecurity.dll <Not Verified; ; ADsSecurity Module>
2008-03-21 00:35:03 36864 --a------ G:\Windows\system32\dxinputdll.dll
2008-03-21 00:02:16 0 d-------- G:\Program Files\GTASACenter
2008-03-20 23:35:12 0 d-------- G:\Windows\nvidia icons
2008-03-20 22:42:26 0 d-------- G:\Program Files\Rockstar Games
2008-03-18 13:12:40 5120 --a------ G:\Windows\system32\BReWErS.dll
2008-03-17 16:28:06 0 d-------- G:\Program Files\Common Files\SourceTec
2008-03-17 16:28:05 0 d-------- G:\Program Files\SourceTec


-- Find3M Report ---------------------------------------------------------------

2008-10-02 21:30:16 60273 --a------ G:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-10-02 21:30:16 7680 --a------ G:\Windows\system32\ff_vfw.dll
2008-04-13 17:27:10 0 d-------- G:\Users\Killzone\AppData\Roaming\Azureus
2008-04-13 16:03:36 0 d-------- G:\Program Files\Steam
2008-04-13 15:41:46 0 d-------- G:\Users\Killzone\AppData\Roaming\SharpReader
2008-04-12 11:43:48 0 d-------- G:\Users\Killzone\AppData\Roaming\foobar2000
2008-04-10 12:19:46 0 d--h----- G:\Program Files\InstallShield Installation Information
2008-04-10 01:32:49 0 d-------- G:\Users\Killzone\AppData\Roaming\X-Chat 2
2008-04-09 19:33:38 0 d-------- G:\Users\Killzone\AppData\Roaming\FlashGet
2008-04-09 03:12:28 0 d-------- G:\Program Files\Windows Mail
2008-04-08 22:32:45 0 d-------- G:\Program Files\Swarm Racer
2008-04-08 11:27:08 0 d-------- G:\Program Files\Common Files
2008-04-08 11:18:29 110592 --a------ G:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-04-04 19:57:02 0 d-------- G:\Program Files\MeltyBlood
2008-04-03 23:37:20 0 d-------- G:\Users\Killzone\AppData\Roaming\App Launcher Gadget
2008-03-31 18:04:24 0 d-------- G:\Users\Killzone\AppData\Roaming\Audacity
2008-03-31 01:08:22 0 d-------- G:\Users\Killzone\AppData\Roaming\Vidalia
2008-03-31 01:08:20 0 d-------- G:\Users\Killzone\AppData\Roaming\tor
2008-03-27 08:16:38 0 d-------- G:\Program Files\megui
2008-03-25 16:14:03 0 d-------- G:\Program Files\NVIDIA Corporation
2008-03-24 21:14:57 0 d-------- G:\Program Files\Bethesda Softworks
2008-03-22 14:54:01 0 d-------- G:\Users\Killzone\AppData\Roaming\Megaupload
2008-03-22 14:53:42 0 d-------- G:\Users\Killzone\AppData\Roaming\MegauploadToolbar
2008-03-22 14:28:13 0 d-------- G:\Program Files\Utawarerumono
2008-03-21 12:50:42 0 d-------- G:\Users\Killzone\AppData\Roaming\KALiNKOsoft
2008-03-20 13:52:18 0 d-------- G:\Program Files\THQ
2008-03-16 17:06:32 2791 --a------ G:\Windows\mozver.dat
2008-03-13 03:34:26 0 d-------- G:\Program Files\SUPERAntiSpyware
2008-03-12 22:47:24 0 d-------- G:\Program Files\MSECACHE
2008-03-11 19:24:04 0 d-------- G:\Program Files\Ricochet Infinity
2008-03-10 08:14:49 0 d-------- G:\Program Files\Microsoft Visual Studio 9.0
2008-03-10 08:14:48 0 d-------- G:\Program Files\Business Objects
2008-03-10 08:12:04 0 d-------- G:\Program Files\Microsoft SQL Server
2008-03-10 08:06:54 0 d-------- G:\Program Files\Microsoft.NET
2008-03-10 08:04:27 0 d-------- G:\Program Files\Microsoft Device Emulator
2008-03-10 08:03:42 0 d-------- G:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-10 07:58:41 0 d-------- G:\Program Files\Microsoft Synchronization Services
2008-03-10 07:58:41 0 d-------- G:\Program Files\Microsoft SQL Server Compact Edition
2008-03-10 07:45:24 0 d-------- G:\Program Files\Common Files\Merge Modules
2008-03-10 07:39:34 0 d-------- G:\Program Files\HTML Help Workshop
2008-03-10 07:38:51 0 d-------- G:\Program Files\MSBuild
2008-03-10 07:34:10 0 d-------- G:\Program Files\Microsoft SDKs
2008-03-10 07:34:09 0 d-------- G:\Program Files\CE Remote Tools
2008-03-10 07:31:29 0 d-------- G:\Program Files\Microsoft Web Designer Tools
2008-03-08 16:20:38 0 d-------- G:\Program Files\PeerGuardian2
2008-03-08 15:40:09 0 d-------- G:\Program Files\xchat
2008-03-08 15:39:22 0 d-------- G:\Program Files\X-Chat
2008-03-06 16:43:16 215144 --a------ G:\Windows\patchw32.dll
2008-03-06 16:10:16 0 d-------- G:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 16:10:01 0 d-------- G:\Program Files\AGEIA Technologies
2008-03-06 02:55:01 0 d-------- G:\Program Files\Azureus
2008-03-06 02:49:10 0 d-------- G:\Program Files\iTunes
2008-03-06 02:49:01 0 d-------- G:\Program Files\iPod
2008-03-06 02:47:27 0 d-------- G:\Program Files\Bonjour
2008-03-06 02:47:10 0 d-------- G:\Program Files\QuickTime
2008-03-05 18:04:32 0 d-------- G:\Program Files\Tansee iPod Transfer Photo
2008-03-05 17:59:09 0 d-------- G:\Users\Killzone\AppData\Roaming\Red Chair Software
2008-03-05 17:59:09 0 d-------- G:\Program Files\Red Chair Software
2008-03-04 02:32:16 0 d-------- G:\Program Files\RADVideo
2008-03-04 01:54:57 0 d-------- G:\Program Files\Vidalia Bundle
2008-03-03 12:04:17 0 d-------- G:\Program Files\BestGameEver
2008-03-02 14:10:57 0 d-------- G:\Program Files\Microsoft Silverlight
2008-02-29 22:29:04 0 d-------- G:\Users\Killzone\AppData\Roaming\Ubisoft
2008-02-29 21:58:32 0 d-------- G:\Program Files\DAEMON Tools Lite
2008-02-29 21:45:03 0 d-------- G:\Users\Killzone\AppData\Roaming\DAEMON Tools
2008-02-29 21:43:48 0 d-------- G:\Program Files\Common Files\Blizzard Entertainment
2008-02-29 13:26:51 0 d-------- G:\Program Files\Stardock Games
2008-02-29 03:18:35 0 d-------- G:\Users\Killzone\AppData\Roaming\SQLyog
2008-02-29 03:09:37 0 d-------- G:\Users\Killzone\AppData\Roaming\Adobe
2008-02-29 02:45:56 0 d-------- G:\Program Files\Codemasters
2008-02-29 02:33:39 0 d-------- G:\Program Files\Windows Installer Clean Up
2008-02-29 01:57:53 0 d-------- G:\Program Files\Atari
2008-02-29 01:56:33 0 d-------- G:\Program Files\World of Warcraft
2008-02-29 00:32:47 0 d-------- G:\Program Files\Mozilla Thunderbird
2008-02-27 04:10:24 2292 --a------ G:\Users\Killzone\AppData\Roaming\ASSDraw3.cfg
2008-02-27 04:09:10 0 d-------- G:\Program Files\Aegisub
2008-02-24 01:29:33 0 d-------- G:\Program Files\Microsoft Virtual PC
2008-02-23 20:02:35 0 d-------- G:\Program Files\vLite
2008-02-21 22:56:27 802582 --a------ G:\Windows\system32\explor
2008-02-21 12:31:17 53248 --a------ G:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-21 12:09:56 0 d-------- G:\Users\Killzone\AppData\Roaming\Uniblue
2008-02-21 12:09:50 0 d-------- G:\Program Files\Uniblue
2008-02-21 11:39:44 3964 --a------ G:\Windows\system32\tmp.reg
2008-02-21 11:34:00 0 d-------- G:\Users\Killzone\AppData\Roaming\Grisoft
2008-02-21 04:41:43 2546 --a------ G:\Windows\unins000.dat
2008-02-21 04:32:43 691545 --a------ G:\Windows\unins000.exe
2008-02-21 03:37:10 0 d-------- G:\Program Files\SQLyog Enterprise
2008-02-20 19:53:53 0 d-------- G:\Program Files\SQL Maestro Group
2008-02-20 19:53:53 0 d-------- G:\Program Files\Common Files\SQL Maestro Group
2008-02-20 19:38:54 0 d-------- G:\Program Files\PremiumSoft
2008-02-19 05:57:29 0 d-------- G:\Users\Killzone\AppData\Roaming\ActiveState
2008-02-18 02:48:36 0 d-------- G:\Program Files\Wireshark
2008-02-18 02:48:33 0 d-------- G:\Program Files\WinPcap
2008-02-17 18:39:03 0 d-------- G:\Program Files\Gravity
2008-02-17 18:17:11 174 --ahs---- G:\Program Files\desktop.ini
2008-02-17 18:09:16 0 d-------- G:\Program Files\Windows Sidebar
2008-02-17 18:09:16 0 d-------- G:\Program Files\Windows Calendar
2008-02-17 18:09:16 0 d-------- G:\Program Files\Movie Maker
2008-02-17 18:09:13 0 d-------- G:\Program Files\Windows Collaboration
2008-02-17 18:09:12 0 d-------- G:\Program Files\Windows Photo Gallery
2008-02-17 18:09:07 0 d-------- G:\Program Files\Windows Defender
2008-02-17 17:33:16 152576 --a------ G:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-17 16:08:06 691 --a------ G:\Users\Killzone\AppData\Roaming\coreavc.ini
2008-02-16 20:46:45 85504 --a------ G:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-15 22:54:23 0 d-------- G:\Program Files\Cheat Engine
2008-02-15 20:05:36 0 d-------- G:\Program Files\Common Files\InstallShield
2008-02-15 20:02:43 0 d-------- G:\Users\Killzone\AppData\Roaming\Hamachi
2008-02-15 19:52:34 0 d-------- G:\Users\Killzone\AppData\Roaming\GlobalSCAPE - Copy
2008-02-15 01:40:04 0 d-------- G:\Program Files\Lavasoft
2008-02-13 00:20:57 0 d-------- G:\Program Files\Common Files\Adobe
2008-02-13 00:18:55 0 d-------- G:\Program Files\Common Files\Control Panels
2008-02-08 11:37:47 82432 --a------ G:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-07 13:07:38 32764 --a------ G:\Windows\17PHolmes1285.exe
2008-02-05 01:08:21 40960 --a------ G:\Windows\DelPiv.exe
2008-01-31 21:41:55 420 --a------ G:\Windows\system32\msn
2008-01-14 05:15:42 81920 --a------ G:\Windows\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EF8443-F0F9-444F-8D47-AC687FC1EB4D}]
2008-04-13 16:08 272896 --------- G:\Windows\system32\efcbYsts.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="-G:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" []
"SunJavaUpdateSched"="-G:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []
"LogitechCommunicationsManager"="-G:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" []
"LogitechQuickCamRibbon"="-G:\Program Files\Logitech\QuickCam\Quickcam.exe" []
"Windows Defender"="-" []
"egui"="G:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21]
"Launch LCDMon"="G:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43]
"Launch LGDCore"="G:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57]
"IntelliPoint"="G:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01]
"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"Acrobat Assistant 8.0"="G:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54]
"@"="" []
"NBKeyScan"="-G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"NvCplDaemon"="G:\Windows\system32\NvCpl.dll" [2008-03-24 19:52]
"NvMediaCenter"="G:\Windows\system32\NvMcTray.dll" [2008-03-24 19:52]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 G:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 G:\Windows\System32\CTXFIHLP.EXE]
"MSServer"="G:\Windows\system32\fccdccBT.dll" [2008-04-13 10:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-22 00:46]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33]
"Steam"="g:\program files\steam\steam.exe" [2008-03-31 00:35]
"DAEMON Tools Pro Agent"="G:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 06:08]
"NVIDIA nTune"="G:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 20:25]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CtxfiReg"=CTXFIREG.exe /FAIL1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= G:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
"{01A33D85-4706-452A-B71A-99510ADA8C0C}"= G:\Windows\system32\fccdccBT.dll [2008-04-13 10:44 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
G:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 G:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 G:\Windows\system32\efcbYsts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9525ff-d2ee-11dc-a06e-000129d201d7}]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b409e3-e25d-11dc-90c5-000129d20281}]
AutoRun\command- H:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
G:\Windows\system32\unregmp2.exe /HideWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{D3957CBA-F412-1EE5-C0DB-E57D5C7E5C55}]
G:\Windows\system32\msn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{FFB51E11-E299-1285-7107-8806CB3DFE73}]
G:\Windows\system32\explor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8142 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-13 17:28:37 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Dual Core AMD Opteron™ Processor 185
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 2045.76 MiB / 774.88 MiB
Pagefile Memory (total/avail): 4333.5 MiB / 2909.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1884.4 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 26.16 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 74.52 GiB total, 1.11 GiB free.
F: is Fixed (NTFS) - 186.31 GiB total, 2.51 GiB free.
G: is Fixed (NTFS) - 298.09 GiB total, 21.32 GiB free.
H: is CDROM (UDF)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE3 - Maxtor 6B200M0 ATA Device - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

\\.\PHYSICALDRIVE1 - ST3320620AS ATA Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - G:

\\.\PHYSICALDRIVE0 - ST380011A ATA Device - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.52 GiB - E:

\\.\PHYSICALDRIVE2 - WDC WD2000JS-00MHB1 ATA Device - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\\Program Files\\xchat\\xchat.exe"="G:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=G:\ProgramData
APPDATA=G:\Users\Killzone\AppData\Roaming
CLASSPATH=.;G:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=G:\Program Files\Common Files
COMPUTERNAME=KILLZONE-PC
ComSpec=G:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=G:
HOMEPATH=\Users\Killzone
LOCALAPPDATA=G:\Users\Killzone\AppData\Local
LOGONSERVER=\\KILLZONE-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=G:\Program Files\Mozilla Firefox;G:\Windows\system32;G:\Windows;G:\Windows\system32\wbem;G:\Perl\bin;G:\Program Files\QuickTime\QTSystem;G:\Program Files\QuickTime\QTSystem;G:\Program Files\Microsoft SQL Server\90\Tools\binn;G:\Program Files\MKVtoolnix
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramData=G:\ProgramData
ProgramFiles=G:\Program Files
PROMPT=$P$G
PUBLIC=G:\Users\Public
QTJAVA=G:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=G:
SystemRoot=G:\Windows
TEMP=G:\Users\Killzone\AppData\Local\Temp
TMP=G:\Users\Killzone\AppData\Local\Temp
USERDOMAIN=Killzone-PC
USERNAME=Killzone
USERPROFILE=G:\Users\Killzone
VS90COMNTOOLS=G:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=G:\Windows


-- User Profiles ---------------------------------------------------------------

Killzone (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> G:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> G:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> G:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> G:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> G:\Windows\UNNeroShowTime.exe /UNINSTALL
--> G:\Windows\UNNeroVision.exe /UNINSTALL
--> G:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9 /remove
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x9
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
--> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
????? --> E:\Games\Games\kakuu no kyoukai\_uninst.exe IJMLILPDICMMILKLIKEF
????? --> MsiExec.exe /X{4BA49794-268A-46B8-BE6F-BB5EC6675940}
????? ver 1.00a --> "G:\Users\Killzone\Downloads\Game Specific\PC\Touhou\10 - Mountain of Faith\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
7-Zip 4.57 --> MsiExec.exe /I{23170F69-40C1-2701-0457-000001000000}
AC3Filter (remove only) --> G:\Program Files\AC3Filter\uninstall.exe
ActivePerl 5.8.7 Build 813 --> MsiExec.exe /I{0CE5EBD2-3058-4A82-A378-023AF36C9614}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> G:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> G:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> G:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> G:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Aegisub 2.1.0 Release Preview r1847 --> "G:\Program Files\Aegisub\unins000.exe"
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Album Art Downloader XUI 0.10.1 --> G:\Program Files\AlbumArtDownloader\uninst.exe
ALchemy --> "G:\Program Files\ALchemy\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Assassin's Creed --> G:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
ATLAS Translation Double Pack V13.0 Trial Version --> MsiExec.exe /I{433C2951-F34C-460A-A6DA-C0ACA0A90B97}
Audacity 1.3.4 (Unicode) --> "G:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audiosurf --> MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AVG Anti-Rootkit Free --> G:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> G:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AviSynth 2.5 --> "G:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> G:\Program Files\Azureus\uninstall.exe
Battlefield 2142 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Bink and Smacker --> G:\PROGRA~1\RADVideo\UNWISE.EXE G:\PROGRA~1\RADVideo\INSTALL.LOG
BioShock --> G:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bootfighter Windom XP sp-2.NET --> "G:\Program Files\Bootfighter Windom XP sp-2.NET\unins000.exe"
Call of Duty® 4 - Modern Warfare™ --> G:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> G:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Camtasia --> G:\Program Files\TechSmith\Camtasia\CTuninst.EXE
Cascades demo by NVIDIA (remove only) --> "G:\Program Files\NVIDIA Corporation\NVIDIA Demos\Cascades\uninstall.exe"
CCleaner (remove only) --> "G:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "G:\Program Files\CDisplay\unins000.exe"
Cheat Engine 5.4 --> "G:\Program Files\Cheat Engine\unins000.exe"
Combined Community Codec Pack 2007-11-19 --> "G:\Program Files\Combined Community Codec Pack\unins001.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Company of Heroes --> "G:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
CoreAVC Professional Edition (remove only) --> "G:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
Creative ALchemy (X-Fi Edition) --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x9 /remove
Creative Audio Console --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
CryEngine®2 Sandbox™2 --> MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
CuteFTP 8 Professional --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DiRT --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
DivX Codec --> G:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> G:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> G:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> G:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> G:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6 --> G:\Program Files\Download Manager\uninst.exe
Dup Detector --> G:\Windows\DelPiv.exe G:\Program Files\Prismatic Software\DupDetector
EA Download Manager --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Empyreal Nocturne --> "G:\Program Files\Empyreal Nocturne\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
Fate/stay night English v2.0 --> E:\Games\Games\Fate\uninstall.exe
ffdshow [rev 1856] [2008-02-10] --> "G:\Program Files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe"
FlashGet 1.9.6.1073 --> G:\Program Files\FlashGet\uninst.exe
foobar2000 v0.9.5 beta 8 --> "G:\Program Files\foobar2000\uninstall.exe"
Fraps (remove only) --> "G:\Program Files\Fraps\uninstall.exe"
Gears of War --> G:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
Gears of War - Screensaver --> G:\Windows\system32\Gears of War - Screensaver.scr /u
GNU Privacy Guard --> "G:\Program Files\GNU\GnuPG\uninst-gnupg.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTA San Andreas --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
GTA San Andreas Control Center v2.1.1 --> G:\PROGRA~1\GTASAC~1\UNWISE.EXE G:\PROGRA~1\GTASAC~1\INSTALL.LOG
GTASA Ultimate Editor 3.6.6 --> "G:\Users\Killzone\AppData\Local\Temp\Rar$EX00.422\GTASA Ultimate Editor\unins000.exe"
Half-Life 2 --> "G:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "G:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "G:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "G:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast --> "G:\Program Files\Steam\steam.exe" steam://uninstall/340
Hamachi 1.0.2.5 --> G:\Program Files\Hamachi\uninstall.exe
HD Tune 2.54 --> "G:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.2 --> "G:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Human Head demo by NVIDIA (remove only) --> "G:\Program Files\NVIDIA Corporation\NVIDIA Demos\HumanHead\uninstall.exe"
Insurgency ( Remove only) --> "g:\program files\steam\SteamApps\SourceMods\Insurgency\uninstall.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JGsoft EditPad Pro 5 5.4.4 --> G:\Windows\UnDeploy.exe "G:\Program Files\JGsoft\EditPadPro5\Deploy.log"
Kagetsu Tohya English v0.5 --> "G:\Program Files\Kagetsu Tohya English v0.5\uninstall.exe"
Kane and Lynch: Dead Men --> MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Logitech GamePanel Software 2.02 --> MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "G:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"G:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Mega Manager --> G:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
MEGAMANX8 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{AF13E972-FFD5-42FF-8122-46E2F08CEDAF}\setup.exe" -l0x9 -removeonly
Megaupload Toolbar --> G:\Program Files\MegauploadToolbar\uninstall.exe
MeGUI modern media encoder (remove only) --> "G:\Program Files\megui\megui-uninstall.exe"
Melty Blood English v1.8 --> G:\Program Files\MeltyBlood\uninstall.exe
MeltyBlood --> G:\Windows\IsUn0411.exe -f"G:\Program Files\MeltyBlood\Uninst.isu"
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 --> G:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> G:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "G:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "G:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> G:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "G:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows Application Compatibility Database --> G:\Windows\system32\sdbinst.exe -u "G:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
MKVtoolnix 2.1.0 --> G:\Program Files\MKVtoolnix\uninst.exe
Monkey's Audio --> "G:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.13) --> G:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> G:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mpeg Layer3 Codec FHG-Radium v1.263 --> G:\Windows\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MS SQL Maestro 8.1 --> "G:\Program Files\SQL Maestro Group\MS SQL Maestro\unins000.exe"
MSDN Library for Visual Studio 2008 - ENU --> C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU --> MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights 2 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NewsLeecher v3.9 Beta 1 --> "G:\Program Files\NewsLeecher\unins000.exe"
NewsSearcher --> "G:\Program Files\NewsSearcher\Uninstall.exe"
nHancer --> MsiExec.exe /X{A983B01E-EFFA-4F5E-A7BF-FA85F10E1DE2}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "G:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Nokia Multimedia Converter 2.0 --> "G:\Misc Stuff\Encoding\Nokia\Nokia_Multimedia_Converter_2_0\Uninstall\Uninstaller.exe"
Non-Stop Action Hero --> "G:\Program Files\Non-Stop Action Hero\uninstall.exe"
NVIDIA Drivers --> G:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune --> G:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA Texture Tools 2 --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{D8D06241-617C-42AB-B9C7-D9BA5A377D10}\setup.exe" -l0x9
Oblivion --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Construction Set --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - TweakOblivion 5.10 (Build:370) --> "G:\Program Files\Bethesda Softworks\TweakOblivion\unins000.exe"
Oblivion - Vile Lair --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "G:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion mod manager 1.1.9 --> "G:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
OpenAL --> "G:\Program Files\OpenAL\OALInst.exe" /U
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Orca --> MsiExec.exe /I{4F34C602-4D6D-470D-A2A0-59E4F25DDBF2}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "G:\Program Files\PeerGuardian2\unins000.exe"
Peggle Deluxe Demo --> "G:\Program Files\Steam\steam.exe" steam://uninstall/3482
Peggle Extreme --> "G:\Program Files\Steam\steam.exe" steam://uninstall/3483
Pirates, Vikings and Knights II Beta 1.1 --> g:\program files\steam\SteamApps\SourceMods\pvkii\uninst.exe
Portal --> "G:\Program Files\Steam\steam.exe" steam://uninstall/400
Portal: The First Slice --> "G:\Program Files\Steam\steam.exe" steam://uninstall/410
PowerISO --> "G:\Program Files\PowerISO\uninstall.exe"
Privoxy 3.0.6 -->

Edited by Zharay, 13 April 2008 - 08:43 PM.


#2 random/random

  • Malware Response Team
  • 2,704 posts

Posted 25 April 2008 - 06:26 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



