Jul 5 2008, 08:03 PM
Post #1 (New Member; Group: Members; Posts: 6; Joined: 5-July 08; Member No.: 220,641)
I downloaded an illegal version of TuneUp Utilities and ended up with a huge problem - I keep getting an alert message in my toolbar telling me I have spyware on my computer, I can't use Task Manager, there's a message telling me to download anti-spyware programs as my background, and I keep getting a "confirm this is your PC" message that blocks me from doing almost anything else with my computer. I also can't turn on Windows firewall, and an Internet Explorer window involuntarily opens about Top Rated Spyware. I've run Ad-Aware a dozen times and quarantined over 50 things. "Windows Secutity Warning" windows keep popping up that all lead to the same Top Rated Spyware page.
Deckard's System Scanner v20071014.68 Run by Katie Johnston on 2008-07-05 18:52:00 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Failed to create restore point; disk is full. Backed up registry hives. Performed disk cleanup. Percentage of Memory in Use: 88% (more than 75%). System Drive C: has 0.04 GiB (less than 15%) free. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-07-05 19:10:30 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\uoyzsydz.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Creative\Mixer\CTSVolFE.exe C:\WINDOWS\system32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe 
C:\WINDOWS\ehome\ehrecvr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Documents and Settings\Katie Johnston\Desktop\dss.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE C:\WINDOWS\444.471 C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Documents and Settings\All Users\Application Data\kjaxohyb\wjqfmlwx.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\portsv.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Creative\MediaSource5\CTDetctu.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\BitLord\BitLord.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\azczqrob.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Winamp Remote\bin\Orb.exe C:\Documents and Settings\Katie Johnston\Application Data\Microsoft\dtsc\22983.exe C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\TEMP\CM1BD8.EXE C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Documents and Settings\Katie Johnston\Application Data\Microsoft\dtsc\22983.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\Program Files\Microsoft Works\WkDStore.exe C:\Program Files\Internet 
Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061121 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061121 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061121 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe, O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com O1 - Hosts: 82.43.224.20 test3204.winmx.com 
test3208.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com 
c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file) O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file) O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file) O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} 
- (no file) O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file) O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file) O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file) O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file) O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file) O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file) O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\wvUlKCVo.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file) O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file) O2 - BHO: (no name) - 
{D2D57F41-15E9-47C0-A01F-73970567EA5A} - C:\WINDOWS\system32\geBqOiFy.dll O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file) O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file) O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file) O2 - BHO: targetedbanner browser optimizer - {f2d3812c-94c0-98a1-0789-423eeeeef9f1} - C:\WINDOWS\system32\gvgwthcprrvrtlb.dll O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file) O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file) O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program 
Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [6ceef0c7] rundll32.exe "C:\WINDOWS\system32\jqdqcqdm.dll",b O4 - HKLM\..\Run: [{c1687090-9b1d-80f2-1401-bc77d2c9ad28}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gvgwthcprrvrtlb.dll" DllStart O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [swg] C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Katie Johnston\Application Data\Microsoft\dtsc\22983.exe O4 - HKCU\..\Run: [uzloxlhf] C:\WINDOWS\system32\azczqrob.exe O4 - HKCU\..\Policies\Explorer\Run: [awNW0CxuRi] C:\Documents and Settings\All Users\Application Data\kjaxohyb\wjqfmlwx.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Katie Johnston\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: 
C:\WINDOWS\system32\nwprovau.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b...heckControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll O20 - Winlogon Notify: wvUlKCVo - C:\WINDOWS\system32\wvUlKCVo.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471 O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. 
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE -- End of file - 21720 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver> R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu> R2 BCMWLNPF (Broadcom Netgroup Packet Filter) - c:\windows\system32\drivers\bcmwlnpf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver> R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt> S0 HWFProt (Hywave File Protector HWFProt) - c:\windows\system32\drivers\hwfprot.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour> R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.471 service R2 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> S2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar> S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network 
magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: 1394 Net Adapter Device ID: V1394\NIC1394\39A49161364FC000 Manufacturer: Microsoft Name: 1394 Net Adapter PNP Device ID: V1394\NIC1394\39A49161364FC000 Service: NIC1394 -- Scheduled Tasks ------------------------------------------------------------- 2008-07-05 06:41:13 1492 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job 2008-07-04 22:27:25 408 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job 2008-07-04 18:58:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-06-05 and 2008-07-05 ----------------------------- 2008-07-05 19:14:24 0 d-------- C:\Program Files\PC-Antispy 2008-07-05 18:22:13 21760 --a------ C:\WINDOWS\mssys.exe 2008-07-05 18:19:41 0 d-------- C:\WINDOWS\system32\4633 2008-07-05 07:16:04 55808 --a------ C:\WINDOWS\portsv.exe 2008-07-05 06:41:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot 2008-07-05 06:36:46 0 d-------- C:\Program Files\Webroot 2008-07-05 06:36:46 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\Webroot 2008-07-05 06:36:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot 2008-07-05 06:28:00 25856 --a------ C:\WINDOWS\y.exe 2008-07-05 06:28:00 14848 --a------ C:\WINDOWS\xplugin.dll 2008-07-05 06:28:00 27136 --a------ C:\WINDOWS\x.exe 2008-07-05 06:27:59 8960 --a------ C:\WINDOWS\winmgnt.exe 2008-07-05 06:27:59 11008 --a------ C:\WINDOWS\window.exe 2008-07-05 06:27:59 25600 --a------ C:\WINDOWS\winajbm.dll 2008-07-05 06:27:59 9728 --a------ C:\WINDOWS\win64.exe 2008-07-05 06:27:59 19712 --a------ C:\WINDOWS\win32e.exe 2008-07-05 06:27:59 27904 --a------ C:\WINDOWS\waol.exe 2008-07-05 06:27:59 24064 --a------ C:\WINDOWS\users32.exe 2008-07-05 06:27:58 20224 
--a------ C:\WINDOWS\time.exe 2008-07-05 06:27:58 9728 --a------ C:\WINDOWS\systemcritical.exe 2008-07-05 06:27:58 14848 --a------ C:\WINDOWS\systeem.exe 2008-07-05 06:27:58 19456 --a------ C:\WINDOWS\svcinit.exe 2008-07-05 06:27:58 15104 --a------ C:\WINDOWS\svchost32.exe 2008-07-05 06:27:58 8704 --a------ C:\WINDOWS\sistem.exe 2008-07-05 06:27:58 18432 --a------ C:\WINDOWS\searchword.dll 2008-07-05 06:27:57 10496 --a------ C:\WINDOWS\rundll16.exe 2008-07-05 06:27:57 16896 --a------ C:\WINDOWS\quicken.exe 2008-07-05 06:27:57 18176 --a------ C:\WINDOWS\qttasks.exe 2008-07-05 06:27:57 15872 --a------ C:\WINDOWS\olehelp.exe 2008-07-05 06:27:57 31744 --a------ C:\WINDOWS\notepad32.exe 2008-07-05 06:27:56 12288 --a------ C:\WINDOWS\mtwirl32.dll 2008-07-05 06:27:56 21504 --a------ C:\WINDOWS\mswsc20.dll 2008-07-05 06:27:56 17408 --a------ C:\WINDOWS\mswsc10.dll 2008-07-05 06:27:56 24576 --a------ C:\WINDOWS\msupdate.exe 2008-07-05 06:27:55 22272 --a------ C:\WINDOWS\msspi.dll 2008-07-05 06:27:55 15872 --a------ C:\WINDOWS\msconfd.dll 2008-07-05 06:27:55 17152 --a------ C:\WINDOWS\loader.exe 2008-07-05 06:27:55 18176 --a------ C:\WINDOWS\internet.exe 2008-07-05 06:27:55 17920 --a------ C:\WINDOWS\inetinf.exe 2008-07-05 06:27:55 27136 --a------ C:\WINDOWS\iexplorer.exe 2008-07-05 06:27:54 11776 --a------ C:\WINDOWS\iedll.exe 2008-07-05 06:27:54 26880 --a------ C:\WINDOWS\helpcvs.exe 2008-07-05 06:27:54 22784 --a------ C:\WINDOWS\gfmnaaa.dll 2008-07-05 06:27:54 15872 --a------ C:\WINDOWS\funny.exe 2008-07-05 06:27:54 20992 --a------ C:\WINDOWS\funniest.exe 2008-07-05 06:27:53 24320 --a------ C:\WINDOWS\explorer32.exe 2008-07-05 06:27:53 11008 --a------ C:\WINDOWS\explore.exe 2008-07-05 06:27:53 26880 --a------ C:\WINDOWS\editpad.exe 2008-07-05 06:27:53 25600 --a------ C:\WINDOWS\dnsrelay.dll 2008-07-05 06:27:52 20992 --a------ C:\WINDOWS\directx32.exe 2008-07-05 06:27:52 10240 --a------ C:\WINDOWS\ctrlpan.dll 2008-07-05 06:27:52 14592 --a------ C:\WINDOWS\ctfmon32.exe 
2008-07-05 06:27:52 17152 --a------ C:\WINDOWS\cpan.dll 2008-07-05 06:27:52 22784 --a------ C:\WINDOWS\clrssn.exe 2008-07-05 06:27:52 17920 --a------ C:\WINDOWS\avpcc.dll 2008-07-05 06:27:51 25856 --a------ C:\WINDOWS\accesss.exe 2008-07-05 06:26:59 164 --a------ C:\install.dat 2008-07-05 06:18:10 64317 --a------ C:\WINDOWS\system32\eunsyqbgrfienkgr.exe 2008-07-05 06:15:12 78336 --a------ C:\WINDOWS\system32\jqdqcqdm.dll 2008-07-05 06:11:22 2204 --ahs---- C:\WINDOWS\system32\yFiOqBeg.ini2 2008-07-05 06:11:09 322048 --a------ C:\WINDOWS\system32\geBqOiFy.dll 2008-07-05 06:10:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2008-07-05 06:08:19 4096 --a------ C:\WINDOWS\userconfig9x.dll 2008-07-05 06:08:19 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe 2008-07-05 06:08:19 4096 --a------ C:\WINDOWS\system32\hoproxy.dll 2008-07-05 06:08:19 4096 --a------ C:\WINDOWS\FVProtect.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\taack.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\taack.dat 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\sncntr.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\psoft1.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\psof1.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\ps1.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\mwin32.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\msnbho.dll 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\iTunesMusic.exe 2008-07-05 06:08:17 4096 --a------ C:\WINDOWS\a.bat 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\temp#01.exe 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\ssurf022.dll 2008-07-05 06:08:14 0 d-------- C:\WINDOWS\system32\smp 2008-07-05 06:08:14 4096 --a------ 
C:\WINDOWS\system32\netode.exe 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\mtr2.exe 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\msgp.exe 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\medup020.dll 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\medup012.dll 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll 2008-07-05 06:08:14 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe 2008-07-05 06:08:14 0 d-------- C:\Program Files\Inet Delivery 2008-07-05 06:08:13 4096 --a------ C:\WINDOWS\system32\ssvchost.exe 2008-07-05 06:08:13 4096 --a------ C:\WINDOWS\system32\ssvchost.com 2008-07-05 06:08:13 4096 --a------ C:\WINDOWS\system32\regm64.dll 2008-07-05 06:08:13 4096 --a------ C:\WINDOWS\system32\regc64.dll 2008-07-05 06:08:13 4096 --a------ C:\WINDOWS\system32\msvchost.exe 2008-07-05 06:08:12 4096 --a------ C:\WINDOWS\system32\thun32.dll 2008-07-05 06:08:12 4096 --a------ C:\WINDOWS\system32\thun.dll 2008-07-05 06:08:12 4096 --a------ C:\WINDOWS\system32\Rundl1.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\winsystem.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\winsystem.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\vbsys2.dll 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\sysreq.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\newsd32.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\mssecu.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\emesx.dll 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\bdn.com 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\awtoolb.dll 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\anticipator.dll 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\system32\akttzn.exe 2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\mssecu.exe 2008-07-05 06:08:11 0 d-------- C:\WINDOWS\mslagent 
2008-07-05 06:08:11 4096 --a------ C:\WINDOWS\bdn.com
2008-07-05 06:08:08 0 d-------- C:\Program Files\akl
2008-07-05 06:08:01 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-07-05 06:07:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-05 06:07:33 0 d-------- C:\Documents and Settings\All Users\Application Data\kjaxohyb
2008-07-05 06:07:25 90112 --a------ C:\WINDOWS\system32\azczqrob.exe
2008-07-05 06:07:15 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\uTorrent
2008-07-05 06:06:42 0 d-------- C:\Program Files\uTorrent
2008-07-05 06:06:28 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-05 06:06:26 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-05 06:06:23 88025 --a------ C:\WINDOWS\system32\uoyzsydz.exe <Not Verified; Microsoft; XML Media>
2008-07-05 06:06:23 88025 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-07-05 06:05:49 24576 --a------ C:\WINDOWS\system32\wvUlKCVo.dll
2008-07-05 06:05:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 04:36:22 158208 --a------ C:\WINDOWS\system32\gvgwthcprrvrtlb.dll
2008-06-28 02:48:44 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-28 02:48:32 681 --a------ C:\WINDOWS\mozver.dat
2008-06-27 00:44:32 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\FunWebProducts
2008-06-27 00:42:42 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2008-06-19 21:41:37 0 d-------- C:\Program Files\QuickTime
2008-06-14 21:24:08 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\WordTiles
2008-06-06 17:04:30 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\StoryLines
2008-06-05 14:38:13 0 d-------- C:\Program Files\AFT software
2008-06-05 14:38:05 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-06-05 13:11:53 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\Writer's Cafe
2008-06-05 13:11:22 0 d-------- C:\Program Files\Writer's Cafe

-- Find3M Report ---------------------------------------------------------------

2008-07-05 19:23:59 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\PC-Antispy
2008-07-05 19:21:54 42372 --a------ C:\Documents and Settings\Katie Johnston\Application Data\wklnhst.dat
2008-07-05 18:31:49 0 d-------- C:\Program Files\Winamp Remote
2008-07-05 06:05:31 0 d-------- C:\Program Files\Common Files
2008-07-05 05:35:36 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\DivX
2008-06-30 23:32:00 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\Move Networks
2008-06-30 22:47:35 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\Adobe
2008-06-27 00:44:25 0 d-------- C:\Program Files\FunWebProducts
2008-06-27 00:43:29 0 d-------- C:\Program Files\MyWebSearch
2008-06-22 20:57:43 0 d-------- C:\Program Files\DivX
2008-06-20 23:15:58 0 d-------- C:\Program Files\Safari
2008-06-09 21:46:17 0 d-------- C:\Program Files\moreTunes
2008-06-02 00:25:36 306 --a------ C:\WINDOWS\PowerReg.dat
2008-06-02 00:24:22 0 d-------- C:\Program Files\Screenplay Systems
2008-06-01 23:10:51 0 d-------- C:\Program Files\Singorama
2008-05-30 18:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 18:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-28 13:37:48 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-24 21:27:19 0 d-------- C:\Program Files\SceneCaster
2008-05-22 17:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 17:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 17:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 17:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 13:04:36 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\Media Player Classic
2008-05-17 19:04:10 0 d-------- C:\Documents and Settings\Katie Johnston\Application Data\IMVU
2008-05-17 18:45:43 0 d-------- C:\Program Files\IMVU
2008-05-17 00:26:09 0 d-------- C:\Program Files\Last.fm
2008-04-21 14:53:39 3532 --a------ C:\drmHeader.bin
2008-04-16 21:54:37 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-16 21:53:03 88 -r-hs---- C:\WINDOWS\system32\92CAA04253.sys

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
12/13/2007 11:49 AM 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}]
07/05/2008 07:22 PM 155648 --a------ C:\Program Files\PC-Antispy\ASpyStBlk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
07/05/2008 06:05 AM 24576 --a------ C:\WINDOWS\system32\wvUlKCVo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2D57F41-15E9-47C0-A01F-73970567EA5A}]
07/05/2008 06:11 AM 322048 --a------ C:\WINDOWS\system32\geBqOiFy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2d3812c-94c0-98a1-0789-423eeeeef9f1}]
07/02/2008 04:36 AM 158208 --a------ C:\WINDOWS\system32\gvgwthcprrvrtlb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [12/13/2007 11:49 AM 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 10:44 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 10:41 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 07:48 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 08:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/25/2006 12:30 AM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/03/2006 07:51 PM]
"CTSVolFE.exe"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [02/23/2005 04:57 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 06:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 04:48 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/08/2007 01:43 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 02:21 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/01/2008 01:49 PM]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [10/01/2007 08:08 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL" [06/27/2008 12:42 AM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" [06/27/2008 12:42 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" [06/27/2008 12:42 AM]
"6ceef0c7"="C:\WINDOWS\system32\jqdqcqdm.dll" [07/05/2008 06:15 AM]
"{c1687090-9b1d-80f2-1401-bc77d2c9ad28}"="C:\WINDOWS\system32\gvgwthcprrvrtlb.dll" [07/02/2008 04:36 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]
"PC-Antispy"="C:\Program Files\PC-Antispy\PC-Antispy.exe" [07/05/2008 07:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 10:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [03/08/2006 08:56 AM]
"Creative Detector U"="C:\Program Files\Creative\MediaSource5\CTDetctu.exe" [10/02/2006 05:03 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [01/07/2008 03:02 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/20/2007 09:53 AM]
"BitComet"="C:\Program Files\BitLord\BitLord.exe" [05/06/2005 07:47 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" [06/27/2008 12:42 AM]
"Microsoft Windows Installer"="C:\Documents and Settings\Katie Johnston\Application Data\Microsoft\dtsc\22983.exe" [07/05/2008 06:06 AM]
"uzloxlhf"="C:\WINDOWS\system32\azczqrob.exe" [07/05/2008 06:07 AM]

C:\Documents and Settings\Katie Johnston\Start Menu\Programs\Startup\ .protected [7/5/2008 7:25:08 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ .protected [7/5/2008 7:25:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"awNW0CxuRi"=C:\Documents and Settings\All Users\Application Data\kjaxohyb\wjqfmlwx.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ACED1C9F-2718-4512-9F69-F4E28C1F484F}"= C:\WINDOWS\system32\wvUlKCVo.dll [07/05/2008 06:05 AM 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUlKCVo]
wvUlKCVo.dll 07/05/2008 06:05 AM 24576 C:\WINDOWS\system32\wvUlKCVo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBqOiFy

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe"
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart
"OrderReminder"=C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5af598ba-aa70-11db-8fd9-0015c574e467}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a61676c-80d4-11db-8fa9-0015c574e467}]
AutoRun\command- explorer.exe http://www.cymbaltamd.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b803efdf-8a52-11db-8fb6-0015c574e467}]
AutoRun\command- explorer.exe http://www.cymbaltamd.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b803efe0-8a52-11db-8fb6-0015c574e467}]
AutoRun\command- F:\LaunchU3.exe

*Newly Created Service* - PCANTISPY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{294B50CD-4F3F-3FA3-0404-000302080806}]
C:\WINDOWS\system32\myprofile_.exe

-- Hosts -----------------------------------------------------------------------

205.238.40.51 www.winmx.com err.winmx.com
205.238.40.2 test3201.winmx.com test3205.winmx.com
205.238.40.2 test3202.winmx.com test3206.winmx.com
205.238.40.1 test3203.winmx.com test3207.winmx.com
82.43.224.20 test3204.winmx.com test3208.winmx.com
205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com

15 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-05 20:00:28 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz

Percentage of Memory in Use: 83%
Physical Memory (total/avail): 1014.37 MiB / 169.27 MiB
Pagefile Memory (total/avail): 2443.23 MiB / 1589.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.57 MiB

C: is Fixed (NTFS) - 105.09 GiB total, 0 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 105.09 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2047.35 MiB
\PARTITION3 - Unknown - 4.64 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: Trend Micro Personal Firewall v3.3 (Trend Micro Inc.)
AV: Spy Sweeper with AntiVirus v5.5.7.124 (Webroot Software Inc) Disabled Outdated
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Katie Johnston\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D6XV94C1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Katie Johnston
LOGONSERVER=\\D6XV94C1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KATIEJ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KATIEJ~1\LOCALS~1\Temp
USERDOMAIN=D6XV94C1
USERNAME=Katie Johnston
USERPROFILE=C:\Documents and Settings\Katie Johnston
windir=C:\WINDOWS

-- User Profiles 
--------------------------------------------------------------- Katie Johnston (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02CAD0B6-C706-4981-A09A-08C088B9233F}\Setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78A6CED5-53E9-4EC5-BECC-74D22A702A92}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA2CA846-C6DB-4468-B291-18D4BA359656}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Absolute Fretboard Trainer PRO --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\AFT software\UnInst.log" "/APPNAME=Absolute Fretboard Trainer PRO" AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log AIM 6 --> C:\Program Files\AIM6\uninst.exe Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} AVI Codec Pack --> C:\Program Files\AVI Codec Pack\uninstall.exe AVI Splitter --> "C:\Program Files\avisplit\unins000.exe" Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5} CalorieKing Nutrition and Exercise Manager (remove only) --> "C:\Program Files\CalorieKing Nutrition and Exercise Manager for Windows\uninst.exe" Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf Corel Snapfire Plus --> 
MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645} Cosmo Virtual Makeover 2 Deluxe --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cosmo Virtual Makeover 2 Deluxe\DeIsL1.isu" Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove Debugging Tools for Windows --> MsiExec.exe /I{D59967FF-4DCC-4695-BCD9-FA47B94047D6} Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe" Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413} Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Documentation & Support Launcher --> 
MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Dramatica Pro 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Screenplay Systems\Dramatica Pro\Uninst.isu"
Duplicate Music Files Finder 1.5.5 --> "C:\Program Files\Duplicate Music Files Finder\unins000.exe"
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\eunsyqbgrfienkgr.exe
ffdshow [rev 1028] [2007-03-13] --> "C:\Program Files\ffdshow\unins000.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iScrobbler --> C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
iTunesFolderWatch --> MsiExec.exe /I{F88B6CC6-ABB9-4BF3-B194-142EE4502597}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LaserJet 1018 --> C:\Program Files\Zenographics\{33082F8C-6499-4E2D-A072-D351337D6CEE}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Last.fm 1.5.0.24910 --> "C:\Program Files\Last.fm\unins000.exe"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Standard 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006 --> MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MozBackup 1.4.6 --> "C:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MusicBrainz Picard 0.9.0 --> C:\Program Files\MusicBrainz Picard\uninst.exe
MXpie Patch for WinMX Network/WPNP --> C:\Program Files\MXpie Patch\MXpie_Uninstaller.exe
My Web Search (Zwinky) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsbar.dll,O
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Network Magic --> C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OnBase Web ActiveX Install --> MsiExec.exe /I{A4B8D88C-C7AD-45B3-98DE-E78A299964EF}
Oregon Trail II --> C:\WINDOWS\uninst.exe -f"C:\Program Files\MECC\Oregon Trail II\DeIsL2.isu"
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC-Antispy --> C:\Program Files\PC-Antispy\Uninstall.exe
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegistryRecovery --> C:\Program Files\RegistryRecovery\GLF202.exe /handle:reg
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SceneCaster --> C:\Program Files\SceneCaster\Version 3.11.16\SceneCaster_Uninstall.exe
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Singorama! Audio --> MsiExec.exe /X{4850A271-0188-4AC9-A7F4-2EC586FB0EAC}
Singorama! Bonus Software --> MsiExec.exe /X{BB9C808A-2F32-41ED-BCFC-DE3A32590A6F}
Singorama! eBooks --> MsiExec.exe /X{F0224DA0-91BB-4A90-AB16-59FF757C1DF9}
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Filter --> rundll32.exe dfshim.dll,ShArpMaintain The Filter.app, Culture=neutral, PublicKeyToken=0d221d3645bc6701, processorArchitecture=msil
Torrent Harvester --> C:\Program Files\Torrent Harvester\uninstall.exe
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Essentials Pack v5.35 --> C:\Program Files\Winamp\UninstallWinampEssentials.exe
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox --> "C:\Documents and Settings\Katie Johnston\Application Data\Mozilla\Firefox\Profiles\pnp2e3qy.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pnarp_EA1D46527BDDE0262D42D36737D2D9EC73FFB1A0\pnarp.inf
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0) --> rundll32.exe C:\PROGRA~1\DIFX\B7A8D76A63BBE060C656AA54D656BF7D1C31D4C3\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\purendis_63F463FB269B562703E37AAC1A91B3A645B65380\purendis.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Writer (Beta) --> MsiExec.exe /I{51353FB0-AAF3-11DA-A746-0800200C9A66}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Writer's Café 1.29 --> "C:\Program Files\Writer's Cafe\unins000.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

-- Application Event Log -------------------------------------------------------

Event Record #/Type5878 / Error
Event Submitted/Written: 07/05/2008 07:20:36 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This network connection does not exist.

Event Record #/Type5876 / Error
Event Submitted/Written: 07/05/2008 07:20:29 PM
Event ID/Source: 3 / crypt32
Event Description:
Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The server returned an invalid or unrecognized response

Event Record #/Type5874 / Error
Event Submitted/Written: 07/05/2008 07:20:16 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type5850 / Error
Event Submitted/Written: 07/05/2008 05:24:25 AM
Event ID/Source: 482 / ESENT
Event Description:
wuauclt (4668) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Event Record #/Type5849 / Error
Event Submitted/Written: 07/05/2008 05:24:24 AM
Event ID/Source: 439 / ESENT
Event Description:
wuauclt (4200) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type14875 / Warning
Event Submitted/Written: 07/05/2008 06:48:47 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type14872 / Warning
Event Submitted/Written: 07/04/2008 11:37:14 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016CFB37383. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type14858 / Warning
Event Submitted/Written: 07/04/2008 10:30:04 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type14648 / Warning
Event Submitted/Written: 07/04/2008 06:39:38 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13894 / Warning
Event Submitted/Written: 07/04/2008 02:26:40 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-07-05 20:00:28 ------------
KTRJ720 Malware Infections / Cool Web Search Infection Jul 5 2008, 08:03 PM
Buckeye_Sam Hi and welcome to Bleeping Computer! My name ... Jul 6 2008, 06:54 PM
KTRJ720 Thank you! I downloaded Trojan Remover yesterd... Jul 8 2008, 12:39 AM
Buckeye_Sam You are still heavily infected. I'm surprised... Jul 8 2008, 10:06 AM
KTRJ720 Thank you so much. I'm sorry it's taken me... Jul 9 2008, 10:21 PM
Buckeye_Sam No, that's ok. It actually shows a clean log ... Jul 10 2008, 08:24 AM
KTRJ720 Okay, great! And my computer's running bac... Jul 10 2008, 06:28 PM
Buckeye_Sam We're just about there. :) Download [color=b... Jul 11 2008, 03:03 PM
KTRJ720 It seems to be back to normal, with the exception ... Jul 12 2008, 09:20 PM
Buckeye_Sam It's likely that Trendmicro will suddenly noti... Jul 13 2008, 09:35 AM
KTRJ720 Done! I can't thank you enough. My life is... Jul 15 2008, 01:39 AM
Buckeye_Sam I'm glad I could help you out! :) Jul 15 2008, 10:05 AM
Buckeye_Sam Now that your problem appears to be resolved, this... Jul 25 2008, 06:35 AM