
Trojan & Spyware, Hijacked Browser, Interfering With Spyware Removal Programs (awtqnkhe.dll)


  • This topic is locked
2 replies to this topic

#1 jwbowyer


Posted 11 May 2008 - 03:43 PM

A couple days ago I found myself infected with spyware and trojans. My virus scanner started blocking repeated trojan attacks, and I found that my Firefox browser was messed up. I could not run searches on Google, access my Gmail account, or go onto YouTube, things that I could do in IE or if I ran my computer in safe mode w/ networking. I ran Ad-Aware Personal and removed one trojan, but still my browser was messed up and not allowing me to view certain sites and overall acting really slow.

I downloaded the HijackThis program and resolved to get a log and see if I could spot anything, and perhaps upload it to one of the many forums that offer help. I ran the scan and noticed that I could upload the log to Trend Micro. I tried that and the entire program shut down with an error. I hit the "more info" button, and saw that a specific dll in my windows/system32 directory looked to have interfered with it. It was an "awtqnkhe.dll." I went into safe mode to try and delete it as that has worked in the past, and I had no luck removing it. I ran the ComboFix program, but that seems to have helped little if at all.

Today, I started to work on the problem again and it's only worsened. I get frequent error messages, especially when browsing something like "My Computer." They'll say that there are problems with rundll32.exe and that it needs to be shut down, among a myriad of other messages. At times I'll get a buffer overflow which forces explorer to shut down. When shutting down my PC the XPCOMEventReciever usually has trouble closing and I get a message for that. I came to this site to try and post my logs and found that Internet Explorer started refreshing over and over and over as if to stop me from getting help. Finally I emailed myself the logs through Yahoo, which I could access (Gmail wasn't loading in both Firefox and IE), and am now on another PC. Can anyone help me? I could almost swear the malware is actively stopping my PC from accessing any form of help.

Logs are below. I was not able to do a Kaspersky scan. Halfway through the download process I get a message saying it cannot continue as the definitions were not able to be updated and that I needed to be connected to the internet. All ActiveX controls were allowed, so I don't know what went wrong; paranoia says the malware interfered.

HijackThis Log (Through DSS)
Deckard's System Scanner v20071014.68
Run by Jonathon Bowyer on 2008-05-11 13:55:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-05-11 17:55:15 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-05-11 17:12:40 UTC - RP8 - Last known good configuration
7: 2008-05-11 17:12:36 UTC - RP7 - Last known good configuration
6: 2008-05-11 17:12:36 UTC - RP6 - ComboFix created restore point
5: 2008-05-11 17:12:36 UTC - RP5 - Last known good configuration


-- First Restore Point --
1: 2008-05-11 17:12:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jonathon Bowyer.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:10 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\windows\system32\LxrJD31s.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\windows\Explorer.EXE
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\QuickTime\QTTask.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\HP\HP Mouse\panel.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\TDdownload\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathon Bowyer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\System32\gigagetbho_v10.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {430793B3-0A05-466D-8F32-EC33DEF526A5} - C:\windows\system32\ddcAtqRJ.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8CD6C528-7675-4F16-8AB5-6EADE6C3420B} - C:\windows\system32\awtqnkhe.dll
O2 - BHO: (no name) - {E243A8E7-6244-49E0-A361-22DBF30FD46C} - C:\windows\system32\vtUooPjJ.dll
O2 - BHO: {820a2309-bd5f-a3f9-b234-871aa8e9201f} - {f1029e8a-a178-432b-9f3a-f5db9032a028} - C:\windows\system32\jrlkrgfn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM9bdb2312] Rundll32.exe "C:\windows\system32\lpcihrpc.dll",s
O4 - HKLM\..\Run: [98e8108e] rundll32.exe "C:\windows\system32\owybtbyu.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F091885-8A80-478E-8F48-C53508CA12FD} (DekaronAutoPlay Control) - http://file.dekaron.co.kr/_DownUtil/syscab/Dekaron.CAB
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174169097250
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.20/ttinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: vtUooPjJ - C:\windows\SYSTEM32\vtUooPjJ.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Avpclatl - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\windows\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13614 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 AR5211 (NETGEAR WPN311 V1H3 Wireless Adapter Service) - c:\windows\system32\drivers\wpn311.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 HidMouse - c:\windows\system32\drivers\hidmouse.sys <Not Verified; Office HID Mouse; 8 keys Office Mouse>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 XDva090 - c:\windows\system32\xdva090.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 OrbMediaService - "c:\program files\winamp remote\bin\orbmediaservice.exe" <Not Verified; Orb Networks; Orb>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 Avpclatl -
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-09 18:28:00 284 --a------ C:\windows\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 13:47:22 133120 --a------ C:\windows\system32\jrlkrgfn.dll
2008-05-11 13:44:21 116736 --a------ C:\windows\system32\owybtbyu.dll
2008-05-11 13:42:09 126976 --a------ C:\windows\system32\lpcihrpc.dll
2008-05-11 13:41:21 1038540 --ahs---- C:\windows\system32\JRqtAcdd.ini2
2008-05-11 13:41:16 371200 --a------ C:\windows\system32\ddcAtqRJ.dll
2008-05-11 13:14:10 0 d-------- C:\windows\system32\Kaspersky Lab
2008-05-11 13:14:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 12:48:26 133120 --a------ C:\windows\system32\eewxudck.dll
2008-05-11 12:45:27 116736 -----n--- C:\windows\system32\tihugvxv.dll
2008-05-11 12:42:26 126976 --a------ C:\windows\system32\awakhdsv.dll
2008-05-11 12:26:33 133120 --a------ C:\windows\system32\uhggrhdp.dll
2008-05-11 12:24:12 126976 --a------ C:\windows\system32\jbtvkafq.dll
2008-05-11 10:57:00 133120 --a------ C:\windows\system32\xjwksxxd.dll
2008-05-11 10:48:00 126976 --a------ C:\windows\system32\bjofcnbq.dll
2008-05-11 10:42:15 133120 --a------ C:\windows\system32\aoytujbx.dll
2008-05-11 10:36:24 116736 -----n--- C:\windows\system32\axrqtykl.dll
2008-05-11 10:36:09 126976 --a------ C:\windows\system32\ktsvjqaf.dll
2008-05-11 10:32:40 371200 -----n--- C:\windows\system32\geBrrSMg.dll
2008-05-10 21:09:06 134656 --a------ C:\windows\system32\xpqujcpl.dll
2008-05-10 21:09:03 114176 -----n--- C:\windows\system32\mqnrityb.dll
2008-05-10 21:06:48 125440 --a------ C:\windows\system32\myerdofj.dll
2008-05-10 20:39:52 68096 --a------ C:\windows\zip.exe
2008-05-10 20:39:52 49152 --a------ C:\windows\VFind.exe
2008-05-10 20:39:52 212480 --a------ C:\windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-10 20:39:52 136704 --a------ C:\windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-10 20:39:52 161792 --a------ C:\windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-10 20:39:52 98816 --a------ C:\windows\sed.exe
2008-05-10 20:39:52 80412 --a------ C:\windows\grep.exe
2008-05-10 20:39:52 73728 --a------ C:\windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-10 20:12:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-10 20:12:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-10 19:47:16 0 d-------- C:\Program Files\Trend Micro
2008-05-10 11:56:18 134656 --a------ C:\windows\system32\datomvax.dll
2008-05-10 11:56:10 125440 --a------ C:\windows\system32\epgsojyq.dll
2008-05-10 04:15:09 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Desktop Sidebar
2008-05-10 04:14:43 0 d-------- C:\Program Files\Desktop Sidebar
2008-05-10 01:17:53 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Logs
2008-05-10 01:04:02 0 d-------- C:\Logs
2008-05-10 00:39:16 967 --a------ C:\windows\ScUnin.pif
2008-05-10 00:39:16 94208 --a------ C:\windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-10 00:39:16 35190 --a------ C:\windows\scunin.dat
2008-05-10 00:38:23 0 d-------- C:\Program Files\Starcraft
2008-05-09 23:54:14 373248 --a------ C:\windows\system32\awtqnkhe.dll
2008-05-09 23:48:47 57856 --a------ C:\windows\system32\vtUooPjJ.dll
2008-05-09 23:48:46 0 d-------- C:\Extracted
2008-05-09 20:05:25 0 d-------- C:\Program Files\World of Warcraft
2008-04-29 21:09:02 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-29 18:23:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-26 01:15:40 0 d-------- C:\Program Files\Maxis
2008-04-26 01:14:28 96256 --a------ C:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-04-26 01:14:27 0 d-------- C:\Program Files\MagicDisc
2008-04-22 23:29:50 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Ubisoft
2008-04-22 23:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-22 23:18:48 0 d-------- C:\Program Files\Ubisoft
2008-04-22 23:18:32 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\InstallShield
2008-04-15 18:01:23 0 d-------- C:\Program Files\PeerGuardian2
2008-04-13 20:36:17 0 d-------- C:\Program Files\GPLGS
2008-04-13 20:33:51 0 d-------- C:\Program Files\Acro Software
2008-04-13 16:41:25 0 d-------- C:\Program Files\Finale 2008
2008-04-12 02:17:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-05-11 12:37:48 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Xfire
2008-05-11 10:15:51 0 d-------- C:\Program Files\Winamp Remote
2008-05-10 20:53:55 0 d-------- C:\Program Files\Bonjour
2008-05-10 20:06:33 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\AVG7
2008-05-10 19:33:25 0 d-------- C:\Program Files\Sierra
2008-05-10 17:41:48 1324 --a------ C:\windows\system32\d3d9caps.dat
2008-05-10 12:20:56 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\uTorrent
2008-05-10 11:00:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 03:45:13 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-09 20:13:02 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-09 19:01:13 0 d---s---- C:\Program Files\Xfire
2008-05-08 16:27:15 0 d-------- C:\Program Files\SpeedFan
2008-05-05 19:59:14 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\LimeWire
2008-05-04 19:34:25 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Adobe
2008-05-04 19:34:21 0 d-------- C:\Program Files\Common Files
2008-05-04 13:13:45 0 d-------- C:\Program Files\Java
2008-05-01 18:56:44 0 d-------- C:\Program Files\uTorrent
2008-04-29 21:13:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-17 16:26:25 0 d-------- C:\Program Files\DivX
2008-04-15 18:59:54 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-15 18:58:20 0 d-------- C:\Program Files\Microsoft Games
2008-04-12 02:17:08 0 d-------- C:\Program Files\Lavasoft
2008-04-12 02:16:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-07 20:25:43 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\dvdcss
2008-04-06 15:42:52 0 d-------- C:\Program Files\Finale NotePad 2008
2008-03-31 17:25:48 823296 --a------ C:\windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\windows\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 13:26:06 0 d-------- C:\Program Files\Winamp
2008-03-29 11:03:22 0 d-------- C:\Program Files\Activision
2008-03-21 16:30:08 3596288 --a------ C:\windows\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\windows\system32\DivXWMPExtType.dll
2008-03-18 18:47:24 0 d-------- C:\Program Files\GamesCampus
2008-03-13 15:36:05 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Bioshock
2008-03-12 17:06:39 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Alien Skin
2008-03-12 15:54:52 0 d-------- C:\Documents and Settings\Jonathon Bowyer\Application Data\Macromedia
2008-02-22 19:09:15 71168 --a------ C:\windows\system32\LxrJD31s.exe
2008-02-22 19:09:15 146432 --a------ C:\windows\system32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-02-22 19:09:15 163840 --a------ C:\windows\system32\LxrJD31c.exe
2008-02-22 19:09:15 249856 --a------ C:\windows\system32\LxrJD31.dll
2008-02-22 19:09:15 61440 --a------ C:\windows\system32\LxrJD20Sat.dll
2008-02-17 01:43:08 669184 --a------ C:\windows\system32\pbsvc.exe
2008-02-14 16:42:34 1100 --a------ C:\windows\system32\d3d8caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430793B3-0A05-466D-8F32-EC33DEF526A5}]
05/11/2008 01:41 PM 371200 --a------ C:\windows\system32\ddcAtqRJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD6C528-7675-4F16-8AB5-6EADE6C3420B}]
05/09/2008 11:54 PM 373248 --a------ C:\windows\system32\awtqnkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
05/09/2008 11:48 PM 57856 --a------ C:\windows\system32\vtUooPjJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1029e8a-a178-432b-9f3a-f5db9032a028}]
05/11/2008 01:47 PM 133120 --a------ C:\windows\system32\jrlkrgfn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [02/17/2006 11:40 AM]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 02:41 AM C:\WINDOWS\system32\nwiz.exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 05:40 PM]
"Xfire Music"="C:\Program Files\Xfire\xfiremusic.exe" [11/20/2006 10:12 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/22/2008 08:14 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [07/16/2003 04:22 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [07/16/2003 04:23 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [07/16/2003 04:23 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [08/06/2007 08:05 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 05:48 PM]
"VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VDTask.exe" [07/18/2007 01:55 AM]
"RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe" [03/02/2007 02:48 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [12/05/2007 02:41 AM]
"RTHDCPL"="RTHDCPL.EXE" [06/13/2006 08:05 AM C:\WINDOWS\RTHDCPL.exe]
"EPSON Stylus CX3800 Series"="C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [02/08/2005 05:00 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"BM9bdb2312"="C:\windows\system32\lpcihrpc.dll" [05/11/2008 01:42 PM]
"98e8108e"="C:\windows\system32\owybtbyu.dll" [05/11/2008 01:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 02:32 PM]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Aim6"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [03/27/2007 03:22 PM]
"nHancer"="C:\Program Files\nHancer\nHancer.exe" []
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [01/07/2008 04:02 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"SIDEBAR"="C:\Program Files\Desktop Sidebar\dsidebar.exe" []

C:\Documents and Settings\Jonathon Bowyer\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [4/26/2008 1:14:27 AM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [4/22/2008 6:29:52 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/29/2008 6:23:04 PM]
NETGEAR WPN311 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe [2/22/2006 2:49:28 PM]
NewShortcut1.lnk - C:\Program Files\HP\HP Mouse\panel.exe [3/10/2007 9:06:28 PM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [6/28/2007 11:11:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"= C:\windows\system32\vtUooPjJ.dll [05/09/2008 11:48 PM 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUooPjJ]
vtUooPjJ.dll 05/09/2008 11:48 PM 57856 C:\WINDOWS\system32\vtUooPjJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 05/10/2008 03:51 AM 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\ddcAtqRJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22abb050-e0bf-11dc-8fdb-00184d6e2475}]
AutoRun\command- H:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63f098ee-1314-11dd-97d8-001921742d33}]
AutoRun\command- E:\Autorun.exe /run
Shell00\Command- E:\Autorun.exe /run
Shell01\Command- E:\Autorun.exe /action
Shell02\Command- E:\Autorun.exe /uninstall




-- End of Deckard's System Scanner: finished at 2008-05-11 13:57:11 ------------






Extra Log (Through DSS)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 2047.48 MiB / 1345.66 MiB
Pagefile Memory (total/avail): 2665.54 MiB / 1985.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 112.56 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Disabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Disabled:Orb Application"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"="C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe:*:Enabled:Gigaget"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jonathon Bowyer\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JONATHONSCOMPUT
ComSpec=C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jonathon Bowyer
LOGONSERVER=\\JONATHONSCOMPUT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\windows\system32;C:\windows;C:\windows\system32\wbem;C:\PROGRAM FILES\COMMON FILES\ULEAD SYSTEMS\MPEG;C:\PROGRA~1\FARSTONE\VIRTUA~1;C:\PROGRAM FILES\FARSTONE\VIRTUALDRIVE\VDP;C:\PROGRA~1\FARSTONE\VIRTUA~1\DVDCRE~1;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_12\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\windows
TEMP=C:\DOCUME~1\JONATH~1\LOCALS~1\Temp
THUNDER_HOME=C:\Program Files\Giganology\Gigaget\
TMP=C:\DOCUME~1\JONATH~1\LOCALS~1\Temp
USERDOMAIN=JONATHONSCOMPUT
USERNAME=Jonathon Bowyer
USERPROFILE=C:\Documents and Settings\Jonathon Bowyer
windir=C:\windows


-- User Profiles ---------------------------------------------------------------

Jonathon Bowyer (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AbiWord 2.4.6 (remove only) --> C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AdVantage (Powering DAEMON Tools) --> "C:\Program Files\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports DAEMON Tools.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Alpha Galaxy Screensaver --> C:\Program Files\adni18\Alpha Galaxy\Uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Coop Warfare 0.6 --> "C:\Program Files\Sierra\FEARCombat\Uninstall_Coop-Warfare_0.6\Uninstall_Coop_Warfare.exe" "/U:C:\Program Files\Sierra\FEARCombat\Uninstall_Coop-Warfare_0.6\uninstall.xml"
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DesignWorkshop Lite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DesignWorkshop Lite\Uninst.isu"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
Disney's Toontown Online --> C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Disney Toontown Online --> C:\Program Files\Disney\Disney Online\ToontownOnline\uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EPSON Printer Software --> C:\windows\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
EVEMon --> C:\Program Files\EVEMon\uninstall.exe
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
Finale 2008 --> C:\Program Files\Finale 2008\uninstallFinale.exe
Finale NotePad 2008 --> C:\Program Files\Finale NotePad 2008\uninstallNP.exe
FreeMind --> "G:\FreeMind\unins000.exe"
Futuremark SystemInfo --> C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GameGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E63241F0-B658-4B38-AF2F-CD14108B0467}\Setup.exe" -l0x9
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GCFScape 1.6.6 --> "C:\Program Files\GCFScape\unins000.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Gigaget --> "C:\Program Files\Giganology\Gigaget\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Mouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235C3A50-559F-4CAA-BAC3-4CC9ABF51976}\setup.exe" -l0x9 -removeonly
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JD Secure 3.1 --> C:\windows\System32\JDSecure31.exe /u
Kaspersky Online Scanner --> C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MapleStory --> MsiExec.exe /I{48C8B29D-BCDE-4D5B-BDA5-A3EC87623C68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPlugin --> "C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Narbacular Drop version 1.4 --> "C:\Program Files\Narbacular Drop\unins000.exe"
Nero 7 Essentials --> MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
NETGEAR WPN311 Wireless Adapter --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB938897-211A-4999-9749-236D2E8E464A}
NVIDIA Drivers --> C:\windows\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services --> C:\windows\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody Player Engine --> MsiExec.exe /I{6A136B9A-1895-436F-83F8-30D9C68BB6EA}
RoughDraft 3.0 --> "C:\Program Files\RoughDraft\uninstall.exe"
RRR2_Screensaver --> C:\Program Files\RRR2_Screensaver\uninstall.exe
Sibelius Scorch Plugin --> "C:\Program Files\Musicnotes\uninstsc.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Starcraft --> C:\windows\SCunin.exe C:\windows\SCunin.dat
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
t@b ZS4 Video Editor v0.958-686 --> "C:\Program Files\t@b\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Terragen 2 Technology Preview --> MsiExec.exe /I{89B95F62-2D8F-461A-929D-5275C8C67834}
The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VirtualDrive Pro --> "C:\Program Files\FarStone\VirtualDrive\Setup.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xfire Plus: Music Plugin --> "C:\Program Files\Xfire Plus\Music Plugin\Uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
yWriter4 --> "C:\Program Files\yWriter4\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4887 / Error
Event Submitted/Written: 05/11/2008 01:44:54 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x77124c05.
Processing media-specific event for [ctfmon.exe!ws!]

Event Record #/Type4886 / Error
Event Submitted/Written: 05/11/2008 01:42:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x02371569.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type4879 / Error
Event Submitted/Written: 05/11/2008 01:14:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application gnotify.exe, version 1.0.25.0, faulting module wininet.dll, version 7.0.6000.16640, fault address 0x0001d381.
Processing media-specific event for [gnotify.exe!ws!]

Event Record #/Type4878 / Error
Event Submitted/Written: 05/11/2008 01:13:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x77124c05.
Processing media-specific event for [ctfmon.exe!ws!]

Event Record #/Type4865 / Error
Event Submitted/Written: 05/11/2008 11:28:23 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 757131753.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type143681 / Error
Event Submitted/Written: 05/10/2008 09:27:00 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type143613 / Error
Event Submitted/Written: 05/10/2008 08:28:10 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type143586 / Error
Event Submitted/Written: 05/10/2008 08:22:29 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type143582 / Error
Event Submitted/Written: 05/10/2008 08:09:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsW
Avg7RsXP
Fips
intelppm
SCDEmu

Event Record #/Type143581 / Error
Event Submitted/Written: 05/10/2008 08:08:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-05-11 13:57:11 ------------


Thanks to anyone who tries to help.


 


#2 teacup61


Posted 30 May 2008 - 12:11 AM

Hello jwbowyer,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 15 June 2008 - 02:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.



