
Possible keylogger on my system [RESOLVED]


  • This topic is locked

#1
Joshiii-Kun

  • Member
  • 10 posts
Hello there,

I'm not sure if this is the right section to post in, but here we go. I ran into a little bit of trouble with PayPal yesterday. Someone seemed to have gotten my password and tried to get €20 from me. After changing the password, reporting the problem to PayPal and getting it fixed, I noticed I couldn't get into my Gmail account anymore. That problem was easily fixed though.

Now, my password I used was pretty long. 14 characters long, including upper- and lowercase letters, numbers and special symbols. I'm not sure how this guy could've gotten my password, so I'm thinking that it could've been a keylogger. Still, it's strange, I have ThreatFire running, shouldn't it have notified me of suspicious activity?

Also... AVG AV and SUPERAntiSpyware didn't find anything. I'm not sure what to do now, except for a complete reformat. But I don't really want to do that, not now. So do you geeks have any good advice on what I should do?

Thanks in advance!
  • 0



#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Use two posts for these logs

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please download and unzip IceSword to its own folder on your desktop.


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color; you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for:

Processes
Win32 Services
Startup
SSDT
Message Hooks

  • 0
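A helper reading the main.txt requested above can pre-sort its Drivers and Services sections before going through them line by line. The Python below is an added example, not part of the original thread or of DSS: the sample lines are constructed in the log's line format, reading R/S as running/stopped is an assumption (the section header documents only the start-type digit), and the three review reasons are this example's own heuristics, not verdicts.

```python
import re
from dataclasses import dataclass

# Start-type digits as documented in the DSS section header.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

SECTION_RE = re.compile(r"^-- (Drivers|Services): ")
ENTRY_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>.+?) - (?P<rest>.+)$")
NAME_RE = re.compile(r"^(?P<key>.+?) \((?P<display>.*)\)$")
TAG_RE = re.compile(r"<Not Verified; (?P<company>[^;]*); (?P<desc>[^>]*)>")
IMAGE_RE = re.compile(r'^"?(?P<img>.+?\.(?:sys|exe|dll))\b', re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
MISSING = "(file missing)"

# Constructed sample in the DSS main.txt line format (not taken from a real system).
SAMPLE = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 exdrv (Example Bus Filter (version 1.x)) - c:\windows\system32\drivers\exdrv.sys <Not Verified; Example Corp; Example Bus Filter>
R1 exkbd - c:\windows\system32\drivers\exkbd.sys
S3 extmp - c:\docume~1\user\locals~1\temp\extmp.sys (file missing)
S1 exfw (Example Firewall Engine) - c:\windows\system32\drivers\exfw.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ExSvc (Example Service) - "c:\program files\example\exsvc.exe" /run <Not Verified; ; Example Service Host>
S4 Example Agent - c:\program files\example\agent.exe
"""


@dataclass
class Entry:
    section: str        # "Drivers" or "Services"
    state: str          # "R" or "S" as printed (assumed: running / stopped)
    start: str          # Boot, System, Auto, Demand or Disabled
    key: str            # driver or service key name
    display: str        # display name, "" when the log prints none
    image: str          # image path with quotes and arguments stripped
    not_verified: bool  # line carries a <Not Verified; ...> tag
    company: str        # company field of that tag, may be empty
    file_missing: bool  # line ends with "(file missing)"


def parse_line(section, line):
    """Parse one driver/service line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    file_missing = rest.endswith(MISSING)
    if file_missing:
        rest = rest[: -len(MISSING)].strip()
    tag = TAG_RE.search(rest)
    command = (rest[: tag.start()] if tag else rest).strip()
    img = IMAGE_RE.match(command)
    name = NAME_RE.match(m["name"])  # display names may contain nested parentheses
    return Entry(
        section=section,
        state=m["state"],
        start=START_TYPES[int(m["start"])],
        key=name["key"] if name else m["name"],
        display=name["display"] if name else "",
        image=img["img"] if img else command,
        not_verified=tag is not None,
        company=tag["company"].strip() if tag else "",
        file_missing=file_missing,
    )


def parse_log(text):
    """Collect entries from the Drivers and Services sections only."""
    entries, section = [], None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
        elif line.startswith("--"):
            section = None  # any other section header ends the current one
        elif section:
            entry = parse_line(section, line)
            if entry:
                entries.append(entry)
    return entries


def triage(entries):
    """Map key name -> reasons to look at the entry first (heuristics only)."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("file-missing")  # registered, but image absent on disk
        if TEMP_RE.search(e.image):
            reasons.append("temp-path")     # image lives under a Temp directory
        if e.not_verified and not e.company:
            reasons.append("no-vendor")     # tag present, company field empty
        if reasons:
            flagged[e.key] = reasons
    return flagged


if __name__ == "__main__":
    for key, reasons in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {', '.join(reasons)}")
```

A flagged entry only tells the reviewer where to start; leftovers from an uninstalled product produce the same "file missing" lines as anything else.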

#3
Joshiii-Kun

  • Topic Starter
  • Member
  • 10 posts
I can't seem to run IceSword, it keeps giving me a BSOD regarding an application that is writing to read-only memory.

Here's Main.txt:

Deckard's System Scanner v20071014.68
Run by Joshua on 2008-02-26 15:52:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-02-26 14:52:15 UTC - RP634 - Deckard's System Scanner Restore Point
1: 2008-02-26 10:21:06 UTC - RP633 - Vóór malware cleanup


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Joshua.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:28, on 26-2-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\SysTrayMeter\SysTrayMeter.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
J:\andLinux\Xming\Xming.exe
C:\Program Files\VirtuaWin\modules\VWAssigner.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Joshua\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\PDF-XChange Viewer\pdf-viewer\PDFXCview.exe
C:\Documents and Settings\Joshua\Bureaublad\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Joshua.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Gizmo Project] "C:\Program Files\Gizmo Project\Gizmo.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SDA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "J:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [StartupDelayer] "C:\Program Files\JockerSoft\Startup Delayer\StartupDelayer.exe" -file="C:\Program Files\JockerSoft\Startup Delayer\Sequence.xml"
O4 - HKCU\..\Run: [Skype] "c:\program files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AutorunsDisabled
O4 - Startup: Daemon Tools.lnk = C:\Program Files\DAEMON Tools\daemon.exe
O4 - Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\Joshua\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: KDE Menu (andLinux).lnk = J:\andLinux\Launcher\menu.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O4 - Global Startup: SysTrayMeter.lnk = C:\Program Files\SysTrayMeter\SysTrayMeter.exe
O4 - Global Startup: Trinket.lnk = C:\Program Files\LordJeb Software\Trinket.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O4 - Global Startup: Xming (andLinux).lnk = J:\andLinux\Xming\Xming.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvi...iveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186104100015
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave...ploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{829302E5-7BAE-427A-9020-73D0ADA977C8}: NameServer = 10.88.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: andLinux - Unknown owner - J:\andLinux\colinux-daemon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: wampapache - Apache Software Foundation - j:\Wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - j:\Wamp\mysql\bin\mysqld-nt.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13073 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - unable to read value
.js - JSFile - shell\open\command - unable to read value
.txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 AmdAcpi (AmdAcpi Bus Filter Driver) - c:\windows\system32\drivers\amdacpi.sys <Not Verified; Advanced Micro Devices; AMD ACPI Bus Filter Driver>
R0 giveio - c:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 FSLX - c:\windows\system32\drivers\fslx.sys <Not Verified; Altiris, Inc.; >
R1 MemAlloc - c:\windows\system32\drivers\memalloc.sys <Not Verified; Pinnacle Systems GmbH; MemAlloc>
R1 NCPro - c:\windows\system32\drivers\mtictwl.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 CamthWDM (WebcamMax, WDM Video Capture) - c:\windows\system32\drivers\camthwdm.sys <Not Verified; YewSoft; Cam Theme>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - c:\program files\quintessential media player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R2 CoLinuxDriver - j:\andlinux\linux.sys
R2 ghostsec - c:\program files\ghostsecuritysuite\ghostsec.sys <Not Verified; Ghost Security; Ghost Security>
R2 ithsgt - c:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - c:\windows\system32\drivers\lilsgt.sys
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - c:\windows\system32\drivers\vmnetuserif.sys <Not Verified; VMware, Inc.; VMware network application interface driver (32-bit)>
R2 VMparport (VMware VMparport) - c:\windows\system32\drivers\vmparport.sys <Not Verified; VMware, Inc.; VMware parallel port driver>
R2 vmx86 (VMware vmx86) - c:\windows\system32\drivers\vmx86.sys <Not Verified; VMware, Inc.; VMware kernel driver>
R2 vstor2 (Vstor2 Virtual Storage Driver) - c:\program files\common files\vmware\vmware virtual image editing\vstor2.sys <Not Verified; VMware, Inc.; VMware Virtual Machine Importer>
R3 amdtools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SbieDrv - c:\program files\sandboxie\sbiedrv.sys <Not Verified; tzuk; Sandboxie>

S0 Inspect (Comodo Network Engine) - c:\windows\system32\drivers\inspect.sys (file missing)
S1 CmdMon (Comodo Application Engine) - c:\windows\system32\drivers\cmdmon.sys (file missing)
S1 LStone (Pinnacle Systems Studio AV/DV Overlay) - c:\windows\system32\drivers\lstone2k.sys <Not Verified; Pinnacle Systems GmbH; WDM Kernel Mode Driver for Pinnacle MPEG2/DV cards>
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 ethertap (EtherTap Adapter) - c:\windows\system32\drivers\ethertap.sys <Not Verified; HotSwap Network Solutions; P2P-VPN Network Driver>
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 ldiskl - c:\docume~1\joshua\locals~1\temp\ldiskl.sys (file missing)
S3 MA_CMIDI (M-Audio USB Driver) - c:\windows\system32\drivers\ma_cmidi.sys <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
S3 MagicTune - c:\windows\system32\drivers\mtictwl.sys
S3 ManyCam (ManyCam Virtual Webcam, WDM Video Capture Driver) - c:\windows\system32\drivers\manycam.sys (file missing)
S3 msvad_multi (Samson Audio (WDM)) - c:\windows\system32\drivers\swaudwdm.sys <Not Verified; Samson; Samson Audio (WDM) Driver>
S3 p17filt - c:\windows\system32\drivers\p17filt.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
S3 SamsonLLDriver (Samson C01U LL Driver) - c:\windows\system32\drivers\samsonlldriver.sys <Not Verified; SaneWave Inc.; Samson C01U>
S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 tap0801co (TAP-Win32 Adapter V8 (coLinux)) - c:\windows\system32\drivers\tap0801co.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver (coLinux)>
S3 XDva016 - c:\windows\system32\xdva016.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (Bonjour-service) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MA_CMIDI_InstallerService (M-Audio Series II MIDI Installer) - c:\program files\m-audio\m-audio series ii midi\ma_cmidi_inst.exe <Not Verified; ; MA_CMIDI USB MIDI Installer Service>
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R2 SbieSvc (Sandboxie Service) - c:\program files\sandboxie\sbiesvc.exe <Not Verified; tzuk; Sandboxie>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S2 CmdAgent (Comodo Application Agent) - c:\program files\comodo\firewall\cmdagent.exe (file missing)
S3 andLinux - "j:\andlinux\colinux-daemon.exe" --run-service andlinux @j:\andlinux\settings.txt
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 wampapache - "j:\wamp\apache2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S3 wampmysqld - j:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=j:\wamp\mysql\my.ini wampmysqld
S4 VMAuthdService (VMware Authorization Service) - e:\system\vmware\vmware server\vmware-authd.exe <Not Verified; VMware, Inc.; VMware Server>
S4 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server>
S4 vmount2 (VMware Virtual Mount Manager Extended) - "c:\program files\common files\vmware\vmware virtual image editing\vmount2.exe" <Not Verified; VMware, Inc.; VMware Virtual Machine Importer>
S4 vmserverdWin32 (VMware Registration Service) - e:\system\vmware\vmware server\vmserverdwin32.exe <Not Verified; VMware, Inc.; VMware Server>
S4 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-netwerkkaart
Device ID: V1394\NIC1394\153FB111D800
Manufacturer: Microsoft
Name: 1394-netwerkkaart
PNP Device ID: V1394\NIC1394\153FB111D800
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: PlayLinc Adapter
Device ID: ROOT\NET\0001
Manufacturer: Super Computer Inc.
Name: PlayLinc Adapter
PNP Device ID: ROOT\NET\0001
Service: hamachi_oem

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V8 (coLinux)
Device ID: ROOT\NET\0002
Manufacturer: TAP-Win32 Provider (coLinux)
Name: TAP-Win32 Adapter V8 (coLinux)
PNP Device ID: ROOT\NET\0002
Service: tap0801co

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: EtherTap Adapter
Device ID: ROOT\NET\0003
Manufacturer: BurtonKrahnInc
Name: EtherTap Adapter
PNP Device ID: ROOT\NET\0003
Service: ethertap

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter


-- Scheduled Tasks -------------------------------------------------------------

2008-02-26 00:00:00 298 --a------ C:\WINDOWS\Tasks\MimarSinan Rubber Ducky Updates.job
2008-02-13 12:14:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-26 and 2008-02-26 -----------------------------

2008-02-26 11:30:53 0 d-------- C:\Documents and Settings\Joshua\Application Data\Grisoft
2008-02-26 11:16:28 0 d-------- C:\Program Files\Trend Micro
2008-02-26 11:02:45 2858 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-26 09:55:52 0 d-------- C:\WINDOWS\LastGood
2008-02-26 02:05:34 0 dr-h----- C:\Documents and Settings\Joshua\Onlangs geopend
2008-02-25 23:15:49 0 d-------- C:\Program Files\RogueRemover FREE
2008-02-25 21:33:08 0 d-------- C:\Documents and Settings\Joshua\Application Data\Malwarebytes
2008-02-25 21:33:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-25 21:33:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-25 20:58:48 0 d-------- C:\Documents and Settings\Joshua\Application Data\PrevxCSI
2008-02-25 19:42:35 0 d-------- C:\Program Files\KeePass Password Safe
2008-02-23 17:46:55 13396 --a------ C:\WINDOWS\system32\drivers\MTictwl.sys
2008-02-23 17:46:53 0 d-------- C:\Program Files\SEC
2008-02-23 17:15:42 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-02-23 17:07:33 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-02-23 17:07:33 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-02-23 17:07:33 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-02-23 17:07:33 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-02-23 17:07:33 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-02-23 17:07:33 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-02-23 17:07:33 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-02-23 17:07:33 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-02-23 17:07:33 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-02-23 17:07:33 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-02-23 17:07:33 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-02-23 17:07:33 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-02-23 17:07:33 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-02-23 17:07:33 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-02-23 17:07:33 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-02-23 17:07:33 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-02-23 17:07:33 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-02-23 17:07:33 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-02-23 17:05:39 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-02-23 17:01:15 0 d-------- C:\Program Files\epson
2008-02-23 03:08:47 0 d-------- C:\Program Files\TaskSwitchXP
2008-02-21 19:59:04 25856 --a------ C:\WINDOWS\system32\drivers\tap0801co.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver (coLinux)>
2008-02-20 21:25:27 0 d-------- C:\Program Files\WordFlashReader
2008-02-17 15:09:01 0 d-------- C:\Documents and Settings\Joshua\Application Data\JetStart
2008-02-17 15:07:45 0 d-------- C:\Documents and Settings\All Users\Application Data\FogelSoft
2008-02-17 15:07:24 0 d-------- C:\Documents and Settings\Joshua\Application Data\FogelSoft
2008-02-17 15:06:58 0 d-------- C:\Program Files\Vista Startmenu Emulator
2008-02-17 14:54:40 0 d-------- C:\Documents and Settings\Joshua\Application Data\VirtuaWin
2008-02-17 14:54:33 0 d-------- C:\Program Files\VirtuaWin
2008-02-17 14:33:15 0 d-------- C:\Program Files\MacSearch
2008-02-17 14:21:50 0 d-------- C:\Program Files\AutoHotkey
2008-02-17 14:14:24 0 d-------- C:\Program Files\RocketDock
2008-02-14 19:16:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Webcammax
2008-02-14 19:16:37 0 d-------- C:\Documents and Settings\Joshua\Application Data\Webcammax
2008-02-14 15:11:32 8 --a------ C:\WINDOWS\Appdrive$ + Appdir$ + A-Zigo.ini2
2008-02-12 19:53:30 0 d-------- C:\Program Files\Jesusonic
2008-02-12 16:46:52 0 d-------- C:\Program Files\SysTrayMeter
2008-02-09 18:13:32 28160 --a------ C:\WINDOWS\system32\unfreez.exe <Not Verified; WhitSoft Development; UnFREEz>
2008-02-09 01:20:19 0 d-------- C:\Program Files\OpenAL
2008-02-08 23:32:24 0 d-------- C:\Documents and Settings\Joshua\Application Data\Ambient Design
2008-02-08 23:31:17 0 d-------- C:\Program Files\Ambient Design
2008-02-08 19:36:15 0 d-------- C:\Program Files\Safari
2008-02-08 19:15:46 0 d-------- C:\Program Files\Fast Aero
2008-02-07 23:00:34 0 d-------- C:\Program Files\mIRC
2008-02-07 23:00:34 0 d-------- C:\Documents and Settings\Joshua\Application Data\mIRC
2008-02-06 19:30:09 0 d-------- C:\Leo Vloeren
2008-02-04 13:36:09 0 d-------- C:\Program Files\Rainmeter
2008-01-31 23:06:32 0 d-------- C:\Documents and Settings\NetworkService\Menu Start
2008-01-31 15:54:25 0 d-------- C:\Program Files\ThreatFire
2008-01-31 15:54:25 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-29 15:56:38 0 d-------- C:\Program Files\WolfQuest
2008-01-29 13:33:54 0 d-------- C:\Program Files\The Wonderful End of the World Trial
2008-01-28 01:16:14 32463 --a------ C:\WINDOWS\system32\ForceBindIP-Uninstaller.exe
2008-01-28 00:14:48 0 d-------- C:\Documents and Settings\Joshua\Application Data\Soldat
2008-01-27 23:50:13 0 d-------- C:\Documents and Settings\Joshua\Application Data\Wippien
2008-01-27 23:46:31 21930 --a------ C:\WINDOWS\system32\drivers\ethertap.sys <Not Verified; HotSwap Network Solutions; P2P-VPN Network Driver>
2008-01-27 23:46:31 0 d-------- C:\Program Files\NatNix
2008-01-27 23:39:50 0 d-------- C:\Program Files\OpenVPN
2008-01-26 18:17:53 0 d-------- C:\Program Files\Apple Software Update
2008-01-26 18:17:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


-- Find3M Report ---------------------------------------------------------------

2008-02-26 15:24:39 0 d-------- C:\Documents and Settings\Joshua\Application Data\foobar2000
2008-02-26 11:32:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-26 10:36:47 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-26 09:59:09 0 d-------- C:\Program Files\lolifox
2008-02-26 09:54:23 0 d-------- C:\Program Files\Taskbar Shuffle
2008-02-26 09:54:00 0 d-------- C:\Documents and Settings\Joshua\Application Data\WTablet
2008-02-26 01:45:32 0 d-------- C:\Documents and Settings\Joshua\Application Data\Skype
2008-02-26 01:29:51 0 d-------- C:\Documents and Settings\Joshua\Application Data\TeraCopy
2008-02-25 23:18:07 0 d-------- C:\Program Files\Common Files
2008-02-25 16:00:58 0 d-------- C:\Documents and Settings\Joshua\Application Data\skypePM
2008-02-23 17:46:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 17:20:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-21 12:47:08 0 d-------- C:\Documents and Settings\Joshua\Application Data\uTorrent
2008-02-18 23:26:11 0 d-------- C:\Documents and Settings\Joshua\Application Data\OpenOffice.org2
2008-02-17 14:39:27 0 d-------- C:\Program Files\foobar2000
2008-02-17 01:38:13 0 d-------- C:\Documents and Settings\Joshua\Application Data\Aptana
2008-02-16 07:12:30 0 d-------- C:\Program Files\ScreenshotCaptor
2008-02-14 20:52:47 173056 --a----c- C:\WINDOWS\system32\CNCS32.DLL <Not Verified; Clickteam; >
2008-02-14 19:17:12 0 d-------- C:\Program Files\WebcamMax
2008-02-10 23:06:39 0 d-------- C:\Program Files\FreeMind
2008-02-09 01:20:19 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-09 01:20:18 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-02-08 23:26:25 0 d-------- C:\Program Files\project dogwaffle
2008-02-08 19:43:01 0 d-------- C:\Documents and Settings\Joshua\Application Data\Apple Computer
2008-02-08 19:35:54 0 d-------- C:\Program Files\Bonjour
2008-01-28 22:12:14 0 d-------- C:\Documents and Settings\Joshua\Application Data\Hamachi
2008-01-27 19:51:59 0 d-------- C:\Program Files\Creative
2008-01-26 23:05:29 0 d-------- C:\Documents and Settings\Joshua\Application Data\InstallShield Installation Information
2008-01-26 20:16:02 0 d-------- C:\Program Files\BADMOJO
2008-01-26 18:18:36 0 d-------- C:\Program Files\QuickTime
2008-01-25 12:27:26 0 d-------- C:\Program Files\AnalogX
2008-01-24 21:48:41 0 d-------- C:\Program Files\Diskeeper Corporation
2008-01-22 14:24:54 0 d-------- C:\Program Files\Lugaru
2008-01-21 09:18:26 0 d-------- C:\Documents and Settings\Joshua\Application Data\AVG7
2008-01-19 00:22:29 216 --a------ C:\fix_msgr.bat
2008-01-19 00:14:06 0 d-------- C:\Documents and Settings\Joshua\Application Data\.purple
2008-01-17 20:04:33 0 d-------- C:\Documents and Settings\Joshua\Application Data\MiniDm
2008-01-17 14:50:37 0 --a------ C:\WINDOWS\system32\PrinterAnywhere
2008-01-17 13:18:23 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-01-17 13:15:01 0 d-------- C:\Program Files\Convar
2008-01-17 13:06:30 0 d-------- C:\Program Files\Recuva
2008-01-17 01:21:32 0 d-------- C:\Program Files\Simpleology
2008-01-16 22:37:07 0 d-------- C:\Documents and Settings\Joshua\Application Data\Adobe
2008-01-16 21:15:53 0 d-------- C:\Program Files\Common Files\Skype
2008-01-16 20:01:15 0 d-------- C:\Documents and Settings\Joshua\Application Data\Bersirc
2008-01-16 20:01:13 0 d-------- C:\Program Files\Bersirc 2.2
2008-01-16 19:57:07 0 d-------- C:\Program Files\xchat
2008-01-16 19:55:26 0 d-------- C:\Documents and Settings\Joshua\Application Data\X-Chat 2
2008-01-14 22:29:05 0 d-------- C:\Program Files\Nattyware
2008-01-14 18:55:14 0 d-------- C:\Program Files\PC Wizard 2008
2008-01-13 22:12:54 0 d-------- C:\Program Files\TeraCopy
2008-01-11 00:58:19 23 --a------ C:\WINDOWS\popcinfot.dat
2008-01-10 18:22:13 0 d-------- C:\Program Files\Yellow Cup
2008-01-08 00:10:18 59 --a------ C:\WINDOWS\cd
2008-01-05 00:50:03 0 d-------- C:\Documents and Settings\Joshua\Application Data\FileZilla
2008-01-04 20:07:48 0 d-------- C:\Program Files\PrinterAnywhere
2008-01-04 19:16:28 0 d-------- C:\Program Files\Real Desktop
2008-01-04 19:16:05 0 d-------- C:\Program Files\SparkleXP
2008-01-03 15:58:14 4096 --a------ C:\WINDOWS\d3dx.dat
2008-01-03 10:31:40 0 d-------- C:\Program Files\Secunia
2008-01-03 01:58:36 0 d-------- C:\Documents and Settings\Joshua\Application Data\IEPro
2008-01-03 01:58:34 0 d-------- C:\Program Files\IEPro
2008-01-02 00:43:07 0 d-------- C:\Program Files\NameMage
2008-01-01 15:39:38 507908 --a----c- C:\WINDOWS\system32\perfh013.dat
2008-01-01 15:39:38 91086 --a----c- C:\WINDOWS\system32\perfc013.dat
2007-12-31 13:05:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-31 12:56:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-31 12:44:25 0 d-------- C:\Program Files\PowerISO
2007-12-30 19:31:53 0 d-------- C:\Program Files\Paint.NET
2007-12-29 11:40:59 5479 --a----c- C:\WINDOWS\mozver.dat
2007-12-28 17:36:24 0 d-------- C:\Documents and Settings\Joshua\Application Data\gtk-2.0
2007-12-28 00:47:27 0 d-------- C:\Documents and Settings\Joshua\Application Data\VMware
2007-11-26 21:13:58 688128 --a------ C:\WINDOWS\system32\lamedrop.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04-10-2007 17:14]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04-10-2007 17:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10-10-2007 19:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [09-03-2007 18:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10-01-2008 15:27]
"nwiz"="nwiz.exe" [04-10-2007 17:14 C:\WINDOWS\system32\nwiz.exe]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [15-02-2008 18:20]
"P17Helper"="P17.dll" [03-05-2005 19:38 C:\WINDOWS\system32\P17.dll]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [09-02-2008 05:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 03:00]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [16-06-2007 00:15]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" []
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" []
"Gizmo Project"="C:\Program Files\Gizmo Project\Gizmo.exe" [15-06-2007 23:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11-06-2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 11:34]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [16-06-2007 14:47]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03-07-2007 11:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [09-05-2007 21:33]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [01-03-2007 07:01]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [02-09-2007 13:58]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [20-08-2007 12:13]
"Steam"="J:\Program Files\Steam\Steam.exe" [10-01-2008 20:49]
"StartupDelayer"="C:\Program Files\JockerSoft\Startup Delayer\StartupDelayer.exe" []
"Skype"="c:\program files\skype\Phone\Skype.exe" [07-12-2007 15:08]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" []
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" []

C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16-3-2005 19:16:50]
Daemon Tools.lnk - C:\Program Files\DAEMON Tools\daemon.exe [12-11-2006 11:48:46]
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [6-3-2007 19:10:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 20-08-2007 12:13 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-2147199195-725345543-1011\Scripts\Logoff\0\0]
"Script"=scriptoff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-2147199195-725345543-1011\Scripts\Logon\0\0]
"Script"=scripton.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b942113-0839-11dc-b1cd-0011d899bfdc}]
AutoRun\command- N:\Setup.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD



-- Hosts -----------------------------------------------------------------------

127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net

69715 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-26 15:57:30 ------------

#4
Joshiii-Kun

    Member

  • Topic Starter
  • Member
  • 10 posts
And here is extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Dutch

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2047.48 MiB / 1200.7 MiB
Pagefile Memory (total/avail): 4144.63 MiB / 3452.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.14 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 7.58 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 13.96 GiB free.
E: is Fixed (NTFS) - 48.83 GiB total, 17.91 GiB free.
F: is Fixed (NTFS) - 68.36 GiB total, 16.52 GiB free.
G: is Fixed (NTFS) - 37.57 GiB total, 12.83 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Fixed (NTFS) - 63.47 GiB total, 20.96 GiB free.
K: is CDROM (No Media)
L: is Fixed (NTFS) - 20.51 GiB total, 11.23 GiB free.
M: is Fixed (NTFS) - 30.51 GiB total, 12.59 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6Y120L0 - 114.49 GiB - 3 partitions
\PARTITION0 - Installable File System - 63.47 GiB - J:
\PARTITION1 - Installable File System - 20.51 GiB - L:
\PARTITION2 - Installable File System - 30.51 GiB - M:

\\.\PHYSICALDRIVE0 - WDC WD2500JB-00REA0 - 232.88 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 203.58 GiB - D: - E: - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: PC Tools Firewall Plus v2.0.0 (PC Tools)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Documents and Settings\\Joshua\\Bureaublad\\utorrent.exe"="C:\\Documents and Settings\\Joshua\\Bureaublad\\utorrent.exe:*:Enabled:µTorrent"
"F:\\Shooters\\Quake III\\quake3.exe"="F:\\Shooters\\Quake III\\quake3.exe:*:Enabled:quake3"
"F:\\Shooters\\Far Cry\\Bin32\\FarCry.exe"="F:\\Shooters\\Far Cry\\Bin32\\FarCry.exe:*:Enabled:Far Cry"
"F:\\Shooters\\Warsow\\warsow.exe"="F:\\Shooters\\Warsow\\warsow.exe:*:Enabled:Warsow"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"F:\\Shooters\\Battlefield 2\\BF2.exe"="F:\\Shooters\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Hulp op afstand - Windows Messenger en spraak"
"C:\\Program Files\\Swapper\\Swapper.exe"="C:\\Program Files\\Swapper\\Swapper.exe:*:Enabled:Wambo"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"E:\\FrostWire\\FrostWire.exe"="E:\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"J:\\softnyx\\GunboundWC\\GunBound.gme"="J:\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"J:\\Worms World Party\\wwp.exe"="J:\\Worms World Party\\wwp.exe:*:Enabled:Worms World Party"
"E:\\Internet\\BitTyrant\\Azureus.exe"="E:\\Internet\\BitTyrant\\Azureus.exe:*:Enabled:Azureus"
"F:\\StepMania 4.0\\Program\\StepMania.exe"="F:\\StepMania 4.0\\Program\\StepMania.exe:*:Enabled:StepMania"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"J:\\Program Files\\Steam\\Steam.exe"="J:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\WinSCP\\WinSCP.exe"="C:\\Program Files\\WinSCP\\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"C:\\Program Files\\Gizmo Project\\Gizmo.exe"="C:\\Program Files\\Gizmo Project\\Gizmo.exe:*:Enabled:Gizmo Project"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Een DLL-bestand als toepassing starten"
"C:\\Program Files\\Kuma Games\\KumaClient.exe"="C:\\Program Files\\Kuma Games\\KumaClient.exe:*:Enabled:KumaClient"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"J:\\Defcon\\defcon.exe"="J:\\Defcon\\defcon.exe:*:Enabled:Defcon"
"E:\\Crysis\\Bin32\\Crysis.exe"="E:\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"E:\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="E:\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Development\\Aptana\\jre\\bin\\javaw.exe"="E:\\Development\\Aptana\\jre\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"="C:\\Program Files\\CrossLoop\\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"E:\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"="E:\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe:*:Enabled:Unreal Tournament 3 Demo"
"E:\\Unreal Tournament 3\\Binaries\\UT3.exe"="E:\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\lolifox\\lolifox.exe"="C:\\Program Files\\lolifox\\lolifox.exe:*:Enabled:lolifox"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\PrinterAnywhere\\paConsole.exe"="C:\\Program Files\\PrinterAnywhere\\paConsole.exe:*:Enabled:PrinterAnywhere Console"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\\AV-CLS\\WGET.EXE"="C:\\AV-CLS\\WGET.EXE:*:Enabled:WGET.EXE"
"J:\\Games\\Golf Demo\\Golf.exe"="J:\\Games\\Golf Demo\\Golf.exe:*:Enabled:Golf"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"F:\\RTS\\World in Conflict\\wic.exe"="F:\\RTS\\World in Conflict\\wic.exe:*:Enabled:World in Conflict"
"F:\\RTS\\World in Conflict\\wic_online.exe"="F:\\RTS\\World in Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"F:\\RTS\\World in Conflict\\wic_ds.exe"="F:\\RTS\\World in Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Wippien\\Wippien.exe"="C:\\Program Files\\Wippien\\Wippien.exe:*:Enabled:Wippien"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"J:\\Games\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe"="J:\\Games\\Enemy Territory - QUAKE Wars Demo\\etqwded.exe:*:Enabled:etqwded.exe"
"J:\\Games\\Enemy Territory - QUAKE Wars Demo\\etqw.exe"="J:\\Games\\Enemy Territory - QUAKE Wars Demo\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ Demo"
"J:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe"="J:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars™ Demo 2"
"J:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe"="J:\\Games\\Enemy Territory - QUAKE Wars Demo 2\\etqwded.exe:*:Enabled:etqwded.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Joshua\Application Data
CLASSPATH=D:\Java\
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ULTRANERD
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
fbc="c:\Program Files\FreeBasic\fbc.exe"
FP_NO_HOST_CHECK=NO
GTKMM_BASEPATH=C:\Program Files\Common Files\GTK\2.0
GTK_BASEPATH=C:\PROGRA~1\Gnumeric
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Joshua
java="c:\Program Files\Java\jdk1.6.0_02\bin\java.exe"
javac="c:\Program Files\Java\jdk1.6.0_02\bin\javac.exe"
LANG=nl
LOGONSERVER=\\ULTRANERD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Python25;C:\Perl\bin;C:\PROGRA~1\Gnumeric\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Universal Extractor\bin;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\VDMSound;C:\Program Files\Altiris\Software Virtualization Agent\;c:\Program Files\Java\jdk1.6.0_02\bin\;C:\Program Files\Common Files\Adobe\AGL;E:\media\mplayer\;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\QuickTime\QTSystem\;;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Joshua\LOCALS~1\Temp
TMP=C:\DOCUME~1\Joshua\LOCALS~1\Temp
USERDOMAIN=ULTRANERD
USERNAME=Joshua
USERPROFILE=C:\Documents and Settings\Joshua
VDMSPath=C:\Program Files\VDMSound
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Joshua (admin)
Joshua 2 (admin)
SparkleXP (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x13
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x13
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Front Bass Module 1.0 VSTi --> "D:\VST\4Front Bass\unins000.exe"
4Front Piano Module 1.0 VSTi --> D:\VST\unins000.exe
7-Zip 4.32 --> "C:\Program Files\7-Zip\Uninstall.exe"
AbiWord 2.4.6 (remove only) --> C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
ActivePerl 5.8.8 Build 822 --> MsiExec.exe /I{D0E5A0E6-5947-4F21-B8AE-5129D153083B}
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\b7dd24a87e82dcf8af8876fd727b7cf\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{8AF3FB06-BDA3-42A3-995C-308812D2F094}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{4B215C29-1A3E-4736-92AA-10C83FA56EB9}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 2.0 --> msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.1 - Nederlands --> MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{2C294A0B-DF22-4023-B168-8C7645B10019}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Is your PC Windows XP or Vista?

You have two firewalls, so you need to disable Windows Firewall.

1. Click Start, click Run, type Firewall.cpl, and then click OK.
2. On the General tab, click Off (not recommended), and then click OK.



You have three anti-viruses (AVG, Avira, and ThreatFire); you need to remove two of these.


Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\system32\lamedrop.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Delete IceSword.exe and its folder and go to this link

http://antirootkit.c...re/IceSword.htm

Click on Icesword 1.20 for Windows Vista

Then follow my previous instructions concerning IceSword

#6
Joshiii-Kun

    Member

  • Topic Starter
  • Member
  • 10 posts
I'm running Windows XP SP2.

Hmm that's weird. Two firewalls? Hmm yeah, I can remember that earlier today I checked my Security Center, and it told me that PC Tools Firewall was running and was protecting me. However, it doesn't show up in the system tray, nor does it warn me of incoming/outgoing traffic and most of all, the PC Tools Firewall directory in Program Files is empty :)

There are still remnants of Avira on my system? I installed that a long time ago! :) That's weird...
Also, is Threatfire considered an antivirus program? I was told Threatfire (used to be Cyberhawk) was made to work together with an antivirus :)

And I placed lamedrop.exe in the system32 folder so I could easily launch it. Lamedrop is a LAME MP3 encoder. I could've also added something to the PATH system variable though..
VirusTotal says it's clean.

Anyway, here is the IceSword thing:

Processes

No red colored processes.

Process:

Win32 Services

No red colored services.

Started Service:

Service Name:UPHClean Display Name:User Profile Hive Cleanup
Service Name:VideoAcceleratorEngine Display Name:VideoAcceleratorEngine
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wscsvc Display Name:Security Center
Service Name:wuauserv Display Name:Automatische updates

Startup

No red colored startup entries.

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck
%systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ThreatFire
C:\Program Files\ThreatFire\TFTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
P17Helper
Rundll32 P17.dll,P17Helper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WebcamMaxMoniter
"C:\Program Files\WebcamMax\wcmmon.exe" /a

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVCOMSX
C:\WINDOWS\system32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LogitechVideoTray
C:\Program Files\Logitech\Video\LogiTray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Shuffle
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NVIDIA nTune
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
TaskSwitchXP
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus DX4400 Series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SDA.tmp" /EF "HKCU"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RocketDock
"C:\Program Files\RocketDock\RocketDock.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"c:\program files\skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
LogitechSoftwareUpdate
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
desktop.ini


C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Launchy.lnk
C:\Program Files\Launchy\Launchy.exe (Remark：)

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
NCProTray.lnk
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Remark：)

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Super Turbo Tango Patcher Reloader.lnk
C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe (Remark：)

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
SysTrayMeter.lnk
C:\Program Files\SysTrayMeter\SysTrayMeter.exe (Remark：)

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
VirtuaWin.lnk
C:\Program Files\VirtuaWin\VirtuaWin.exe (Remark：)

C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark：)

C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten
Daemon Tools.lnk
C:\Program Files\DAEMON Tools\daemon.exe (Remark：)

C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten
desktop.ini


C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten
Launchy.lnk
C:\Program Files\Launchy\Launchy.exe (Remark：)

C:\Documents and Settings\Joshua\Menu Start\Programma's\Opstarten
YouTube Uploader.lnk
C:\Documents and Settings\Joshua\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe (Remark：)

SSDT

Red colored entries:
\\??\c:\Program Files\GhostSecuritySuite\ghostsec.sys (20 times)
\\??\C:\WINDOWS\system32\drivers\fslx.sys (6 times)
\\??\c:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (once)

Message Hooks

Entries labeled WH_KEYBOARD:
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Notepad2\Notepad2.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\VirtuaWin\modules\VWAssigner.exe
C:\Program Files\SysTrayMeter\SysTrayMeter.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Looking good

Does ThreatFire scan and remove viruses, or is it just real-time protection?

It's important that you never have more than one anti-virus or firewall running.


One more scan then we should be all done

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#8
Joshiii-Kun

Joshiii-Kun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
That sure took a while, but here it is! Lots of locked files.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 27, 2008 8:29:56 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/02/2008
Kaspersky Anti-Virus database records: 582103
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\

Scan Statistics:
Total number of scanned objects: 362680
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 05:20:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\PC Tools\ThreatFire\Orig.db Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\cert8.db Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\history.dat Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\key3.db Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\parent.lock Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\call256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\chat512.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\index2.dat Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\user1024.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\user16384.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\user256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\user4096.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Skype\joshua-san\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\abook.mab Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\key3.db Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\Mail\localhost-1\Inbox.msf Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\Mail\pop.gmail-1.com\Trash.msf Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\Mail\pop.gmail.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\panacea.dat Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\WebmailData\domains.db3 Object is locked skipped
C:\Documents and Settings\Joshua\Application Data\Thunderbird\Profiles\cd738dk3.default\WebmailData\imapdata.db3 Object is locked skipped
C:\Documents and Settings\Joshua\Bureaublad\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Joshua\Bureaublad\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Joshua\Bureaublad\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Joshua\Bureaublad\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Joshua\Bureaublad\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Joshua\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\kyoku-senbi\lolifox\Profiles\6taw8nl4.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5CF4_8A04_F489_E09E\dfsr.db Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5CF4_8A04_F489_E09E\fsr.log Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5CF4_8A04_F489_E09E\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_5CF4_8A04_F489_E09E\tmp.edb Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\YouTube\Uploader\uploads.db Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\fla483.tmp Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF1C81.tmp Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF1CA1.tmp Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF3472.tmp Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF3480.tmp Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joshua\Mijn documenten\Mijn gespreksgeschiedenis\februari 2008\[email protected] Object is locked skipped
C:\Documents and Settings\Joshua\Mijn documenten\Mijn gespreksgeschiedenis\februari 2008\[email protected] Object is locked skipped
C:\Documents and Settings\Joshua\Mijn documenten\Mijn gespreksgeschiedenis\februari 2008\[email protected] Object is locked skipped
C:\Documents and Settings\Joshua\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joshua\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\a-squared Free\Quarantine\fbfcbebfb9dceb910e81cae2788cb583.a2q/Documents and Settings/Joshua/Mijn documenten/Downloads/Nero 7.5.9.0A Complete Package & Keygen/Nero-7.5.9.0A_eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\a-squared Free\Quarantine\fbfcbebfb9dceb910e81cae2788cb583.a2q/Documents and Settings/Joshua/Mijn documenten/Downloads/Nero 7.5.9.0A Complete Package & Keygen/Nero-7.5.9.0A_eng.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\a-squared Free\Quarantine\fbfcbebfb9dceb910e81cae2788cb583.a2q ZIP: infected - 2 skipped
C:\Program Files\CrossLoop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\CrossLoop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Program Files\RocketDock\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{3DC27EC2-E2A9-4D7D-B0ED-21BD3FB65300}\RP641\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\Super Turbo Tango Patcher\Tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Lifexten.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_118.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Games\Shooters\sumotori.exe Object is locked skipped
F:\Games\sumotori.exe Object is locked skipped
F:\System Volume Information\_restore{3DC27EC2-E2A9-4D7D-B0ED-21BD3FB65300}\RP641\change.log Object is locked skipped
G:\TheSecret\2\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
G:\TheSecret\2\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe RAR: infected - 1 skipped
J:\System Volume Information\_restore{3DC27EC2-E2A9-4D7D-B0ED-21BD3FB65300}\RP641\change.log Object is locked skipped
L:\hiberfil.sys Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\Users\Joshua\AppData\Local\Temp\~DFEF95.tmp Object is locked skipped
L:\Users\Joshua\AppData\Local\Temp\~DFEF9A.tmp Object is locked skipped
L:\Users\Joshua\AppData\Local\Temp\~DFFB60.tmp Object is locked skipped
L:\Users\Joshua\AppData\Local\Temp\~DFFB65.tmp Object is locked skipped
L:\Windows\CSC\v2.0.6\pq Object is locked skipped
L:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Object is locked skipped
L:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Object is locked skipped
L:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Object is locked skipped
L:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Object is locked skipped
L:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0
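A report like the one above mixes three kinds of rows: files the scanner could not open ("Object is locked"), archive summary rows, and actual detections, whose verdict names in this report all start with `not-a-virus:` (Kaspersky's prefix for riskware and adware rather than malware). The Python below is an added example, not part of the original post or of any Kaspersky tool; the sample rows are constructed, and `Trojan-Spy.Win32.Example.a` is a made-up verdict name used only to show the split.

```python
import re
from collections import defaultdict

# One report row is "<path> <status> <last action>". Paths contain spaces,
# so the status is recognised from the right-hand end of the line.
ROW = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<container>\w+): infected - (?P<members>\d+)"
    r") (?P<action>\w+)$"
)

RISKWARE_PREFIX = "not-a-virus:"

# Constructed sample rows in the same layout as the report (not real findings).
SAMPLE = r"""
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\user\Desktop\tool.zip/tool/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\tool.zip ZIP: infected - 1 skipped
C:\Program Files\Example App\helper.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Local Settings\Temp\sample.exe Infected: Trojan-Spy.Win32.Example.a skipped
"""


def triage(report_text):
    """Split report rows into locked files, riskware and malware detections."""
    result = {
        "locked": 0,            # rows the scanner could not read
        "infected_rows": 0,     # detection rows plus archive summary rows
        "verdicts": set(),      # distinct verdict names
        "riskware": defaultdict(set),  # on-disk file -> not-a-virus verdicts
        "malware": defaultdict(set),   # on-disk file -> all other verdicts
        "unparsed": [],         # rows that do not fit the layout
    }
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            result["unparsed"].append(line)
            continue
        if m["locked"]:
            result["locked"] += 1
            continue
        result["infected_rows"] += 1
        if m["container"]:
            # Summary row for an archive; its members have their own rows.
            continue
        # Archive members are appended to the container path with "/",
        # so the text before the first "/" is the file that is on disk.
        on_disk = m["path"].split("/", 1)[0]
        verdict = m["verdict"]
        result["verdicts"].add(verdict)
        bucket = "riskware" if verdict.startswith(RISKWARE_PREFIX) else "malware"
        result[bucket][on_disk].add(verdict)
    return result


if __name__ == "__main__":
    res = triage(SAMPLE)
    print("locked rows:", res["locked"])
    print("infected rows:", res["infected_rows"])
    for bucket in ("malware", "riskware"):
        for path, names in sorted(res[bucket].items()):
            print(f"{bucket:9} {path}  {', '.join(sorted(names))}")
```

Run over the rows of the report in the post above, it counts 15 infected rows and 6 distinct verdict names, matching the report's own statistics, and every verdict lands in the riskware bucket.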

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete these files in bold

C:\Program Files\a-squared Free\Quarantine\fbfcbebfb9dceb910e81cae2788cb583.a2q/Documents and Settings/Joshua/Mijn documenten/Downloads/Nero 7.5.9.0A Complete Package & Keygen
G:\TheSecret\2\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe/Toolbar.exe


Reboot and tell me how your PC is running
  • 0

#10
Joshiii-Kun

Joshiii-Kun

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The computer seems to run fine. The viruses the scanner found were either quarantined or within a setup package, so I could easily get rid of those.

Thanks for your help :)

I still find it weird that someone actually got my password :) Ah well.
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things

You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





