Search Engine Virus

December 4, 2009 at 12:18:49
Specs: Windows XP

I have a virus or malware that is redirecting links on every search engine I use: Google, Bing, and Yahoo. I have scanned with Malwarebytes and Ad-Aware; neither has found anything. It redirects to websites like (http://www.stopsign.com).

Any ideas?



#1
December 4, 2009 at 15:22:56

We will need to make a few scans to try to find the infected files.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double-click on RSIT.exe to launch the program.
2. (Vista users only) Right-click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized). Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate posts) in your next reply.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
3. Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.



#2
December 5, 2009 at 09:34:45

Here is the log file

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff Love at 2009-12-05 12:33:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (63%) free of 50 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:24 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jeff Love\My Documents\Downloads\RSIT.exe
c:\dell\E-center\gtb.exe
c:\dell\E-center\gtb2.exe
C:\Program Files\trend micro\Jeff Love.exe
c:\dell\E-center\gtb.exe
c:\dell\E-center\gtb2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...x86/client/wuweb_site.cab?1255711381671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...h/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 7332 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3821832738-3874519867-1860722705-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3821832738-3874519867-1860722705-1005UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2009-10-17 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-28 761947]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ECenter"=c:\dell\E-Center\gtb.exe [2006-02-22 49152]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Jeff Love\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Documents and Settings\Jeff Love\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-15 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-12-05 12:33:59 ----D---- C:\Program Files\trend micro
2009-12-05 12:33:58 ----D---- C:\rsit
2009-12-03 16:48:43 ----D---- C:\Program Files\NCH Software
2009-12-03 16:31:50 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-12-03 16:31:49 ----D---- C:\Documents and Settings\Jeff Love\Application Data\NCH Swift Sound
2009-12-03 16:31:28 ----D---- C:\Program Files\NCH Swift Sound
2009-12-02 23:35:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-01 16:36:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-01 16:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 15:56:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-29 18:57:04 ----A---- C:\WINDOWS\resetlog.txt
2009-11-27 10:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-11-24 23:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 23:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 23:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-11-24 23:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-11-23 22:05:53 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-23 22:05:42 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-11-23 22:05:21 ----D---- C:\Program Files\Windows Media Connect 2
2009-11-23 22:04:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-11-23 22:04:15 ----D---- C:\2efa6decc5a07ae8ce4001c69bc30d
2009-11-23 22:03:34 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-11-23 22:02:44 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-23 22:02:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-11-23 22:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-11-16 02:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-16 01:21:57 ----A---- C:\WINDOWS\entpack.ini
2009-11-15 03:18:35 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-15 03:18:14 ----D---- C:\Program Files\Reference Assemblies
2009-11-15 03:16:47 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-15 03:16:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-15 03:16:42 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-12 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-12 01:20:54 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-12 01:15:11 ----D---- C:\WINDOWS\Performance
2009-11-09 00:11:07 ----D---- C:\Program Files\iPod

======List of files/folders modified in the last 1 months======

2009-12-05 12:33:59 ----D---- C:\Program Files
2009-12-04 20:46:36 ----D---- C:\WINDOWS\Temp
2009-12-04 15:13:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-04 10:04:51 ----D---- C:\WINDOWS\Prefetch
2009-12-04 09:51:43 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-12-04 08:46:06 ----D---- C:\WINDOWS\Registration
2009-12-04 08:45:44 ----D---- C:\WINDOWS
2009-12-04 02:40:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-03 16:19:44 ----D---- C:\WINDOWS\system32
2009-12-03 12:59:57 ----D---- C:\Program Files\iTunes
2009-12-03 12:48:00 ----SHD---- C:\WINDOWS\Installer
2009-12-03 12:47:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-03 12:47:44 ----D---- C:\WINDOWS\system32\drivers
2009-12-03 12:02:26 ----D---- C:\WINDOWS\system32\Restore
2009-12-02 23:42:41 ----HD---- C:\WINDOWS\inf
2009-12-02 22:10:30 ----D---- C:\WINDOWS\system32\FxsTmp
2009-12-01 22:43:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-30 16:12:43 ----D---- C:\Program Files\Common Files
2009-11-30 15:57:08 ----D---- C:\WINDOWS\WinSxS
2009-11-30 15:57:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-30 15:01:09 ----D---- C:\WINDOWS\network diagnostic
2009-11-29 19:57:45 ----D---- C:\WINDOWS\security
2009-11-29 17:28:43 ----D---- C:\Documents and Settings\Jeff Love\Application Data\Apple Computer
2009-11-24 23:11:55 ----A---- C:\WINDOWS\imsins.BAK
2009-11-24 23:11:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-24 02:23:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-23 22:05:33 ----A---- C:\WINDOWS\win.ini
2009-11-23 22:05:20 ----D---- C:\Program Files\Windows Media Player
2009-11-23 22:05:12 ----D---- C:\WINDOWS\Help
2009-11-23 22:01:52 ----D---- C:\WINDOWS\ehome
2009-11-22 15:16:44 ----SD---- C:\Documents and Settings\Jeff Love\Application Data\Microsoft
2009-11-21 22:14:41 ----SHD---- C:\WINDOWS\CSC
2009-11-16 08:58:55 ----RSD---- C:\WINDOWS\assembly
2009-11-16 08:51:16 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-16 02:57:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-15 03:18:29 ----D---- C:\WINDOWS\system32\en-us
2009-11-15 03:18:22 ----RSD---- C:\WINDOWS\Fonts
2009-11-15 03:17:42 ----D---- C:\WINDOWS\system32\spool
2009-11-15 03:14:24 ----D---- C:\Program Files\Internet Explorer
2009-11-12 03:00:50 ----D---- C:\WINDOWS\Debug
2009-11-09 00:11:05 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-10-17 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-10-17 38528]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-15 1421312]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-28 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2009-10-17 14976]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-15 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-11-03 80936]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2009-10-17 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-10-17 172032]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-17 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


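As an added worked example (not part of the thread, and not a tool the helpers above used), here is a small Python triage pass over the HijackThis section of a log like the one posted in #2. It parses the R0/R1, O4 and O10 entry formats and flags the things a responder looks for first when every search engine redirects: an Internet Explorer ProxyServer value on the loopback interface (which means a local process sits between the browser and the network), start or search pages that are not the Microsoft defaults, Winsock LSP files HijackThis could not identify, and autostart entries that run from temp or per-user data directories. The R0/R1, O2, O4 and O10 sample lines are copied from the log above; the O4 svchost.exe entry under Local Settings\Temp is constructed to show that check firing, and the severity labels are the example's own judgment, not HijackThis output.

```python
"""Triage a HijackThis log for the indicators behind search-engine redirects.

Added example, not from the forum thread; the R0/R1, O4 and O10 formats are HijackThis 2.0.x's,
the severity labels are this example's own judgment, and SAMPLE_LOG mixes posted lines with one constructed O4 entry.
"""
import re
from dataclasses import dataclass
from typing import List

@dataclass
class Finding:
    code: str      # HijackThis section code ("R1", "O4", "O10", ...)
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str      # the log line that produced the finding

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# ProxyServer is "host:port" for every protocol or ";"-separated "scheme=host:port" pairs.
PROXY_RE = re.compile(r"ProxyServer = (?P<value>\S+)")
PROXY_TARGET_RE = re.compile(r"(?:(?P<scheme>[a-z]+)=)?(?P<host>[^:;=]+):(?P<port>\d+)")
URL_RE = re.compile(r"= https?://(?P<host>[^/\s]+)")
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# Lower-cased path fragments that legitimate installers rarely autostart from.
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\",
                "\\application data\\", "\\appdata\\roaming\\", "\\recycler\\")
SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}

def _check_proxy(code, body, line):
    """R0/R1 ProxyServer: a loopback proxy means a local process sees all browser traffic."""
    m, out = PROXY_RE.search(body), []
    for t in PROXY_TARGET_RE.finditer(m.group("value") if m else ""):
        host, port = t.group("host").lower(), t.group("port")
        scheme = t.group("scheme") or "all protocols"
        if host in LOOPBACK_HOSTS:
            out.append(Finding(code, "high", f"IE proxy for {scheme} is the loopback interface {host}:{port}; "
                               "a local process is intercepting browser traffic", line))
        else:
            out.append(Finding(code, "medium", f"IE proxy for {scheme} is {host}:{port}; "
                               "confirm the user or their network set it", line))
    return out

def _check_pages(code, body, line):
    """R0/R1 start, search and default-page URLs that are not Microsoft's defaults."""
    m = URL_RE.search(body)
    if not m or m.group("host").lower() in DEFAULT_PAGE_HOSTS:
        return []
    return [Finding(code, "medium", f"start/search page set to {m.group('host')}; confirm the user chose it", line)]

def _check_autostart(code, body, line):
    """O4 Run/RunOnce/Startup entries that launch from user-writable or temp paths."""
    lower = body.lower()
    for frag in SUSPECT_DIRS:
        if frag in lower:
            return [Finding(code, "medium", f"autostart command runs from a user-writable location ({frag[1:-1]})", line)]
    return []

def _check_lsp(code, body, line):
    """O10: a Winsock LSP sits in the path of every socket call, so an unattributed one must be verified."""
    if not body.lower().startswith("unknown file in winsock lsp"):
        return []
    path = body.split(":", 1)[1].strip()
    return [Finding(code, "medium", f"Winsock LSP HijackThis could not identify: {path}; verify its publisher", line)]

def triage(log_text: str) -> List[Finding]:
    """Run every check over the R/O entries of a HijackThis log; findings come back in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            check = _check_proxy if "ProxyServer" in body else _check_pages
            findings += check(code, body, line)
        elif code == "O4":
            findings += _check_autostart(code, body, line)
        elif code == "O10":
            findings += _check_lsp(code, body, line)
    return findings

def worst_severity(findings: List[Finding]) -> str:
    """Highest severity present, or "none" for a clean log."""
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__, default="none")

# Lines copied from the log posted in #2; the HKCU svchost O4 entry is constructed.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.code}: {f.reason}\n         {f.line}")
```

Run against the posted log, the only high-severity hit is the R1 ProxyServer line: every HTTP request Internet Explorer (and anything else honouring the WinINet proxy setting) makes is being handed to whatever is listening on 127.0.0.1:5555, which is exactly the vantage point needed to rewrite search-result links on Google, Bing and Yahoo alike. The O10 hit only says HijackThis could not attribute the LSP file; confirming the file's publisher is the next step, not removal. Checks against full paths rather than file names on purpose: the constructed svchost.exe is suspicious for where it runs from, not for what it is called.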

#3
December 5, 2009 at 09:35:26

And here is the info file

info.txt logfile of random's system information tool 1.06 2009-
12-05 12:34:29

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32-->MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 7-->C:\Program Files\AIM\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Catalyst Control Center-->MsiExec.exe /I{0D251F37-10CB-46DF-BFA0-4702218DB0B6}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
ELIcon-->MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Sophos Anti-Virus

======System event log======

Computer Name: JEFF
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00130298E207. The following error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 1973
Source Name: Dhcp
Time Written: 20091028140141.000000-240
Event Type: warning
User:

Computer Name: JEFF
Event Code: 256
Message: Timed out sending notification of device interface change to window of "DeviceDetectionWindow"

Record Number: 1896
Source Name: PlugPlayManager
Time Written: 20091027134727.000000-240
Event Type: warning
User:

Computer Name: JEFF
Event Code: 256
Message: Timed out sending notification of device interface change to window of "DeviceDetectionWindow"

Record Number: 1895
Source Name: PlugPlayManager
Time Written: 20091027134727.000000-240
Event Type: warning
User:

Computer Name: JEFF
Event Code: 256
Message: Timed out sending notification of device interface change to window of "DeviceDetectionWindow"

Record Number: 1894
Source Name: PlugPlayManager
Time Written: 20091027134727.000000-240
Event Type: warning
User:

Computer Name: JEFF
Event Code: 256
Message: Timed out sending notification of device interface change to window of "DeviceDetectionWindow"

Record Number: 1893
Source Name: PlugPlayManager
Time Written: 20091027134727.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: JEFF
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 6
Source Name: MsiInstaller
Time Written: 20091016124231.000000-240
Event Type: warning
User: JEFF\Jeff Love

Computer Name: JEFF
Event Code: 1001
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 5
Source Name: MsiInstaller
Time Written: 20091016124229.000000-240
Event Type: warning
User: JEFF\Jeff Love

Computer Name: JEFF
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 4
Source Name: MsiInstaller
Time Written: 20091016124229.000000-240
Event Type: warning
User: JEFF\Jeff Love

Computer Name: JEFF
Event Code: 1001
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Record Number: 3
Source Name: MsiInstaller
Time Written: 20091016124229.000000-240
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: JEFF
Event Code: 1004
Message: Detection of product '{1A15507A-8551-4626-915D-3D5FA095CC1B}', feature '_ISUS', component '{ACD935F6-53F3-469B-842F-2CE17B80840C}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{1A15507A-8551-4626-915D-3D5FA095CC1B}\Interval' does not exist.

Record Number: 2
Source Name: MsiInstaller
Time Written: 20091016124229.000000-240
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------



#4
December 5, 2009 at 14:16:17

Here is the Gmer Log

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 17:12:31
Windows 5.1.2600 Service Pack 3
Running: 9mi8nzqz.exe; Driver: C:\DOCUME~1\JEFFLO~1\LOCALS~1\Temp\pxtdypob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A6E8618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
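
The GMER result above carries the two lines that matter: `File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification`, and the `Device -> \Driver\atapi \Device\Harddisk0\DR0 8A6E8618` entry showing the device object behind the first physical disk no longer pointing where GMER expects. The ComboFix Find3M entry later in the thread shows the same file at 96512 bytes, the stock XP SP3 size for atapi.sys, with a 2004 creation date but a last-write time of 2009-12-05, so a size check or a file-version check alone would pass. The script below is an added example, not part of this thread, of GMER or of ComboFix: it compares a driver against the two reference copies Windows XP keeps (system32\dllcache and ServicePackFiles\i386) by SHA-256 and distinguishes "same size, different bytes", which is what an in-place patch leaves, from a plain version difference. The caveat a responder needs: a kernel rootkit sitting on the disk device can hand a clean copy of its own host file to any process on the running system, so run this from a boot CD or against the mounted disk of the powered-off machine, never from inside the suspect Windows. The tree `build_demo_tree()` creates is constructed data; its file contents are not real driver bytes, and the reference paths are the only part taken from a real XP layout.

```python
"""Added example: offline hash comparison of a flagged Windows XP driver.

Not code from the thread, GMER or ComboFix. The reference locations are the
ones Windows XP SP3 uses; everything under build_demo_tree() is constructed
data standing in for a mounted (offline) system volume.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Pristine copies XP keeps, relative to the Windows directory of the
# *mounted* system volume (not the live %SystemRoot% of a suspect machine).
REFERENCE_COPIES = (
    os.path.join("system32", "dllcache", "atapi.sys"),
    os.path.join("ServicePackFiles", "i386", "atapi.sys"),
)
LIVE_COPY = os.path.join("system32", "drivers", "atapi.sys")


@dataclass
class DriverCheck:
    live_size: int
    live_sha256: str
    references: dict          # relative reference path -> (size, sha256)
    size_matches_all: bool    # every reference has the live file's size
    hash_matches_any: bool    # at least one reference is byte-identical
    references_agree: bool    # the reference copies match each other
    verdict: str


def sha256_file(path):
    """Stream the file so a large driver never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_driver(windows_dir, live=LIVE_COPY, references=REFERENCE_COPIES):
    """Compare the live driver with whichever reference copies exist."""
    live_path = os.path.join(windows_dir, live)
    live_size = os.path.getsize(live_path)
    live_hash = sha256_file(live_path)

    refs = {}
    for rel in references:
        p = os.path.join(windows_dir, rel)
        if os.path.isfile(p):
            refs[rel] = (os.path.getsize(p), sha256_file(p))

    if not refs:
        return DriverCheck(live_size, live_hash, refs, False, False, False,
                           "no reference copy found: compare against a clean install")

    hashes = {h for _, h in refs.values()}
    agree = len(hashes) == 1
    size_ok = all(s == live_size for s, _ in refs.values())
    hash_ok = live_hash in hashes

    if hash_ok:
        verdict = "live driver is byte-identical to a reference copy"
    elif not agree:
        verdict = "reference copies disagree with each other: treat both as untrusted"
    elif size_ok:
        # Same length, different bytes: the signature of an in-place patch.
        verdict = "SAME SIZE, DIFFERENT CONTENT: in-place patch likely"
    else:
        verdict = "live driver differs in size from the reference copies"
    return DriverCheck(live_size, live_hash, refs, size_ok, hash_ok, agree, verdict)


def build_demo_tree(patch=True):
    """Constructed stand-in for a mounted XP volume (not real driver bytes).

    The fake driver is 96512 bytes, the stock XP SP3 atapi.sys size; the
    'patched' live copy changes 16 bytes without changing the length.
    """
    root = tempfile.mkdtemp(prefix="xp_demo_")
    stock = bytes((i * 7 + 3) & 0xFF for i in range(96512))
    live = bytearray(stock)
    if patch:
        live[0x1000:0x1010] = b"\x90" * 16   # stands in for a planted hook
    for rel in REFERENCE_COPIES:
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(stock)
    p = os.path.join(root, LIVE_COPY)
    os.makedirs(os.path.dirname(p), exist_ok=True)
    with open(p, "wb") as f:
        f.write(bytes(live))
    return root


if __name__ == "__main__":
    for patched in (True, False):
        r = verify_driver(build_demo_tree(patch=patched))
        print(f"size={r.live_size} sha256={r.live_sha256[:16]}... "
              f"size_ok={r.size_matches_all} hash_ok={r.hash_matches_any} -> {r.verdict}")
```

When the live copy matches neither reference and the two references disagree with each other, do not pick one: a dropper that replaces the dllcache copy as well defeats Windows File Protection, and the comparison then has to be against a known-clean install of the same service-pack level.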



#5
December 5, 2009 at 19:36:36

Remember: your Sophos antivirus and Spybot must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box and click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.
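
The report the instructions above ask for lists new and recently changed files in fixed columns: last-write time, a dot, creation time, size (dashes for a directory), attribute flags, path. The parser below is an added example, not ComboFix code and not part of the thread; it reads that layout and applies two triage rules to the entries: a kernel driver written inside the incident window whose creation date is years older, and a newly created directory with a machine-generated name under a user profile or in a drive root. The sample lines are copied from the ComboFix report posted later in this thread; the 365-day and 30-day thresholds, the name heuristics and the scan time (the run time in that report's header) are this example's own assumptions. Treat a hit as a prompt to look, not a verdict: the hex-named folder at the root of C: was created in the same minute as the Windows Media Connect 2 install and is the kind of temporary folder Microsoft installers create, and a legitimate hotfix also leaves an old creation date with a fresh last-write time.

```python
"""Added example: triage rules over ComboFix 'Files Created' / Find3M lines.

Not ComboFix code. The sample lines are copied from the report posted in
this thread; the time thresholds and the name heuristics are this example's
own choices, not rules ComboFix applies.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# ComboFix layout: last-write . created  size-or-dashes  attrs  path
# (the report separates columns with tabs; they are spaces here)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+([\w-]{8})\s+(.+?)\s*$"
)

# Lines copied from the ComboFix report in this thread (post #6).
SAMPLE_REPORT = r"""
2009-11-29 23:11 . 2009-11-29 23:39 -------- d-----w- c:\documents and settings\Jeff Love\Local Settings\Application Data\qlqjeq
2009-11-24 03:05 . 2009-11-24 03:05 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-24 03:04 . 2009-11-24 03:05 -------- d-----w- C:\2efa6decc5a07ae8ce4001c69bc30d
2009-11-15 08:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-05 18:11 . 2004-08-04 03:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-03 21:31 . 2009-12-03 21:31 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\NCH Swift Sound
"""


@dataclass
class Entry:
    written: datetime
    created: datetime
    size: Optional[int]      # None for a directory (ComboFix prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_report(text: str) -> List[Entry]:
    """Keep only lines in the file-entry layout; banners and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        written, created, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(written, "%Y-%m-%d %H:%M"),
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            None if size.startswith("-") else int(size),
            attrs, path))
    return entries


HEX_NAME = re.compile(r"^[0-9a-f]{16,}$")
LOWER_NAME = re.compile(r"^[a-z]{5,12}$")


def looks_generated(name: str) -> bool:
    """Heuristic (this example's assumption): vendors name profile folders with
    capitals or spaces; droppers and installers use one lowercase or hex token."""
    return bool(HEX_NAME.match(name) or LOWER_NAME.match(name))


def triage(entries: List[Entry], scan_time: datetime,
           min_age: timedelta = timedelta(days=365),
           window: timedelta = timedelta(days=30)) -> List[Tuple[str, str]]:
    findings = []
    for e in entries:
        low = e.path.lower()
        # Rule 1: kernel driver written inside the incident window whose
        # creation date is years older. Worth a hash comparison against a
        # reference copy; a hotfix can look the same, so confirm before acting.
        if (low.endswith(".sys") and "\\drivers\\" in low
                and e.written - e.created > min_age
                and scan_time - e.written < window):
            findings.append(("driver modified in place?", e.path))
        # Rule 2: new directory with a machine-generated name under a user
        # profile or directly in a drive root.
        in_profile = "\\documents and settings\\" in low
        in_root = re.match(r"^[a-z]:\\[^\\]+$", low) is not None
        if e.is_dir and looks_generated(e.name) and (in_profile or in_root):
            findings.append(("generated-name directory", e.path))
    return findings


if __name__ == "__main__":
    # 2009-12-07 13:43 is the run time in the ComboFix header in this thread.
    for kind, path in triage(parse_report(SAMPLE_REPORT), datetime(2009, 12, 7, 13, 43)):
        print(f"{kind:28} {path}")
```

Run against the six sample lines it reports three hits: the atapi.sys driver and the two generated-name directories (qlqjeq under the user's Local Settings and the hex-named folder in C:\); prntvpt.dll, which also has an old creation date and a recent write, is not flagged because rule 1 is limited to files under a drivers directory.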



#6
December 7, 2009 at 11:12:24

Here is the Combo Fix Log

ComboFix 09-12-06.A3 - Jeff Love 12/07/2009 13:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1624 [GMT -5:00]
Running from: c:\documents and settings\Jeff Love\My Documents\Downloads\combofix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twain_32.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 18:27 . 2009-12-07 18:27 -------- d--h--w- c:\windows\PIF
2009-12-05 17:33 . 2009-12-05 17:34 -------- d-----w- c:\program files\trend micro
2009-12-05 17:33 . 2009-12-05 17:34 -------- d-----w- C:\rsit
2009-12-03 21:48 . 2009-12-03 21:48 -------- d-----w- c:\program files\NCH Software
2009-12-03 21:31 . 2009-12-03 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-03 21:31 . 2009-12-03 21:31 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\NCH Swift Sound
2009-12-03 21:31 . 2009-12-03 21:31 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-03 04:35 . 2009-12-03 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-01 21:36 . 2009-12-01 23:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-01 21:36 . 2009-12-01 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-30 20:56 . 2009-11-30 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-29 23:11 . 2009-11-29 23:39 -------- d-----w- c:\documents and settings\Jeff Love\Local Settings\Application Data\qlqjeq
2009-11-28 14:02 . 2009-11-28 14:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-28 07:09 . 2009-11-28 07:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-24 03:11 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-24 03:05 . 2009-11-24 03:05 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-24 03:04 . 2009-11-24 03:05 -------- d-----w- C:\2efa6decc5a07ae8ce4001c69bc30d
2009-11-24 03:02 . 2009-11-24 03:03 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-24 03:02 . 2009-11-24 03:02 -------- d-----w- c:\windows\system32\LogFiles
2009-11-15 08:18 . 2009-11-15 08:18 -------- d-----w- c:\windows\system32\XPSViewer
2009-11-15 08:18 . 2009-11-15 08:18 -------- d-----w- c:\program files\Reference Assemblies
2009-11-15 08:17 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-11-15 08:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-15 08:16 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-15 08:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-11-15 08:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-15 08:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-15 08:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-15 08:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-15 08:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-12 06:15 . 2009-11-12 06:15 -------- d-----w- c:\windows\Performance
2009-11-12 06:15 . 2009-11-12 06:15 -------- d-----w- c:\documents and settings\Jeff Love\Local Settings\Application Data\Microsoft Corporation
2009-11-09 05:11 . 2009-11-09 05:11 -------- d-----w- c:\program files\iPod
2009-11-09 05:03 . 2009-11-09 05:03 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 18:11 . 2004-08-04 03:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-04 07:34 . 2009-10-18 07:02 3526 ----a-w- c:\documents and settings\Jeff Love\Application Data\wklnhst.dat
2009-12-03 17:59 . 2009-10-17 21:47 -------- d-----w- c:\program files\iTunes
2009-11-29 22:28 . 2009-10-17 21:49 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\Apple Computer
2009-11-15 08:52 . 2009-10-17 19:44 87056 ----a-w- c:\documents and settings\Jeff Love\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 05:11 . 2009-10-17 21:44 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 00:21 . 2009-10-23 23:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-27 23:47 . 2009-10-17 20:52 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\BitTorrent
2009-10-26 20:56 . 2009-10-26 20:56 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\Sonic
2009-10-26 20:56 . 2009-10-26 20:56 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\Leadertech
2009-10-26 02:58 . 2009-10-26 02:58 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\AdobeUM
2009-10-23 21:50 . 2009-10-17 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-21 23:27 . 2009-10-21 23:27 -------- d-----w- c:\documents and settings\Jeff Love\Application Data\acccore
2009-10-21 23:27 . 2009-10-21 23:27 -------- d-----w- c:\program files\AIM Toolbar
2009-10-21 23:27 . 2009-10-21 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-10-21 23:27 . 2009-10-21 23:27 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-21 23:26 . 2009-10-21 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-21 23:26 . 2009-10-21 23:26 -------- d-----w- c:\program files\AIM
2009-10-21 23:26 . 2006-06-07 08:59 -------- d-----w- c:\program files\Common Files\AOL
2009-10-21 18:07 . 2009-10-21 18:07 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-10-21 18:07 . 2009-10-21 18:07 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-10-21 18:07 . 2009-10-21 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-10-21 18:07 . 2009-10-21 18:07 -------- d-----w- c:\program files\Last.fm
2009-10-18 02:06 . 2009-10-18 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 01:57 . 2006-06-07 09:07 -------- d-----w- c:\program files\Microsoft Works
2009-10-18 01:57 . 2009-10-18 01:57 -------- d-----w- c:\program files\MSBuild
2009-10-18 01:56 . 2009-10-18 01:56 -------- d-----w-
c:\program files\Microsoft.NET
2009-10-18 01:38 . 2009-10-17 23:22 -------- d-----w-
c:\program files\peeriu
2009-10-17 23:21 . 2009-10-17 21:13 -------- d-----w-
c:\program files\Common Files\Adobe
2009-10-17 22:25 . 2009-10-17 22:25 -------- d-----w-
c:\program files\Guitar Pro 5
2009-10-17 22:08 . 2009-10-17 22:08 -------- d-----w-
c:\program files\PowerISO
2009-10-17 21:49 . 2009-10-17 21:47 -------- d-----w-
c:\documents and settings\All Users\Application
Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-17 21:47 . 2009-10-17 21:24 -------- d-----w-
c:\program files\Bonjour
2009-10-17 21:46 . 2009-10-17 21:45 -------- d-----w-
c:\program files\QuickTime
2009-10-17 21:45 . 2009-10-17 21:45 -------- d-----w-
c:\documents and settings\All Users\Application Data\Apple
Computer
2009-10-17 21:45 . 2009-10-17 21:45 -------- d-----w-
c:\program files\Apple Software Update
2009-10-17 21:31 . 2009-10-17 21:31 -------- d-----w-
c:\documents and settings\All Users\Application
Data\FLEXnet
2009-10-17 21:14 . 2009-10-17 21:14 -------- d-----w-
c:\program files\Common Files\Macrovision Shared
2009-10-17 21:11 . 2009-10-17 21:11 -------- d-----w-
c:\documents and settings\Jeff Love\Application
Data\Malwarebytes
2009-10-17 21:11 . 2009-10-17 21:11 -------- d-----w-
c:\program files\Malwarebytes' Anti-Malware
2009-10-17 21:11 . 2009-10-17 21:11 -------- d-----w-
c:\documents and settings\All Users\Application
Data\Malwarebytes
2009-10-17 20:52 . 2009-10-17 20:52 -------- d-----w-
c:\program files\Ask.com
2009-10-17 20:52 . 2009-10-17 20:52 -------- d-----w-
c:\program files\BitTorrent
2009-10-17 19:38 . 2009-10-17 19:38 -------- d-----w-
c:\program files\Stardock
2009-10-17 19:38 . 2009-10-17 19:38 -------- d-----w-
c:\program files\Common Files\Stardock
2009-10-17 19:16 . 2009-10-17 19:16 -------- d-----w-
c:\program files\Common Files\Cisco Systems
2009-10-17 19:16 . 2009-10-17 19:16 -------- d-----w-
c:\documents and settings\All Users\Application Data\Sophos
2009-10-17 19:16 . 2009-10-17 19:09 -------- d-----w-
c:\program files\Sophos
2009-10-17 19:14 . 2009-10-17 19:14 14976 ----a-w-
c:\windows\system32\drivers\SophosBootDriver.sys
2009-10-17 19:13 . 2009-10-17 19:13 38528 ----a-w-
c:\windows\system32\drivers\savonaccessfilter.sys
2009-10-17 19:13 . 2009-10-17 19:16 130104 ----a-w-
c:\windows\system32\sdccoinstaller.dll
2009-10-17 19:13 . 2009-10-17 19:16 23552 ----a-w-
c:\windows\system32\sophosboottasks.exe
2009-10-17 19:13 . 2009-10-17 19:13 110848 ----a-w-
c:\windows\system32\drivers\savonaccesscontrol.sys
2009-10-16 21:34 . 2009-10-16 21:34 -------- d-----w-
c:\program files\MSXML 4.0
2009-10-16 20:38 . 2005-08-16 09:41 89143 ----a-w-
c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-16 16:43 . 2009-10-16 16:43 -------- d-----w-
c:\documents and settings\LocalService\Application
Data\McAfee.com Personal Firewall
2009-10-16 16:42 . 2009-10-16 16:42 -------- d-----w-
c:\documents and settings\Jeff Love\Application
Data\McAfee.com Personal Firewall
2009-10-16 16:42 . 2009-10-16 16:41 132 ----a-w-
c:\documents and settings\Jeff Love\Local
Settings\Application Data\fusioncache.dat
2009-10-16 16:42 . 2009-10-16 16:42 -------- d-----w-
c:\documents and settings\NetworkService\Application
Data\Intel
2009-10-16 16:30 . 2006-06-07 08:57 -------- d-----w-
c:\program files\Dell
2009-10-16 16:27 . 2006-06-07 09:03 -------- d-----w-
c:\documents and settings\All Users\Application Data\GTek
2009-10-16 16:26 . 2006-06-07 09:00 -------- d-----w-
c:\program files\Common Files\Real
2009-10-16 16:25 . 2006-06-07 08:53 -------- d--h--w-
c:\program files\InstallShield Installation Information
2009-10-16 16:24 . 2006-06-07 08:58 -------- d-----w-
c:\program files\MUSICMATCH
2009-10-16 16:18 . 2005-08-17 01:54 -------- d-----w-
c:\program files\GemMaster
2009-10-16 16:16 . 2009-10-16 16:41 -------- d--h--w-
c:\documents and settings\Jeff Love\Application Data\Gtek
2009-10-16 16:16 . 2006-06-07 09:03 -------- d-----w-
c:\documents and settings\Administrator\Application
Data\Gtek
2009-10-16 16:12 . 2006-06-07 09:11 -------- d-----w-
c:\documents and settings\All Users\Application
Data\McAfee.com Personal Firewall
2009-10-16 16:10 . 2006-06-07 08:59 -------- d-----w-
c:\documents and settings\All Users\Application Data\AOL
2009-10-16 16:09 . 2009-10-16 16:09 -------- d-----w-
c:\program files\CCleaner
2009-09-11 14:18 . 2005-08-16 09:18 136192 ----a-w-
c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2009-10-17 21:11 38224 ----a-w-
c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-17 21:11 19160 ----a-w-
c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-02-22 49152]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Jeff Love\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-10-17 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-10-17 245760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-17 19:23 133104 ----atw- c:\documents and settings\Jeff Love\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 04:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [10/17/2009 2:13 PM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [10/17/2009 2:13 PM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [11/3/2009 1:44 PM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/17/2009 2:13 PM 98304]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/17/2009 2:14 PM 14976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware
detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-07 13:58
ComboFix-quarantined-files.txt 2009-12-07 18:58

Pre-Run: 33,162,825,728 bytes free
Post-Run: 33,487,982,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 27B5CF45FDB1C699861857A14BADB52F



#7
December 7, 2009 at 16:58:37

Are you still being redirected?

If you did not set up the proxy server yourself (you would know if you had), go to Start > Control Panel > Internet Options > Connections tab > LAN Settings, uncheck "Use a proxy server" and check "Automatically detect settings" > Apply > OK.

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then, from your desktop, double-click jre-6u17-windows-i586-p.exe to install the newest version.


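The two findings in the ComboFix log above that decide this case are the per-user Internet Explorer proxy pointing at the machine itself (uInternet Settings,ProxyServer = http=127.0.0.1:5555 under Supplementary Scan, which puts a local process in the path of every browser request and is how the search results were being rewritten) and the autostart entries under Reg Loading Points. Both can be pulled out of such a log mechanically instead of by eye. The script below is an added example for this thread, not ComboFix's own code and not something the helper posted. It assumes ComboFix's line formats exactly as they appear in the log above (the `u`/`m` prefix on the Internet Settings lines is read as per-user/machine-wide, an assumption taken from the `uInternet Settings` lines shown) and runs on a constructed sample log embedded in the script; the "Updater" autostart in that sample is hypothetical, added only to exercise the check.

```python
"""Triage a ComboFix-style log: flag a loopback proxy and autostarts in scratch dirs.

Added example, not ComboFix's own code.  SAMPLE_LOG is constructed for this
example; the "Updater" entry in it is hypothetical.
"""
import ipaddress
import re

# Constructed sample modelled on the "Reg Loading Points" and "Supplementary Scan"
# sections of a ComboFix log.  Real logs pasted into a forum often have long
# lines wrapped; rejoin them before feeding the text to these functions.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Updater"="c:\documents and settings\user\Local Settings\Temp\svchost.exe" [2009-12-01 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

------- Supplementary Scan -------
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# 'u' = per-user (HKCU), 'm' = machine-wide (HKLM); an assumption about the prefix.
PROXY_RE = re.compile(r"^[um]?Internet Settings,(ProxyServer|ProxyOverride|AutoConfigURL)\s*=\s*(.*)$")
RUN_KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\CurrentVersion\\Run(Once)?\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')

# Locations installed software rarely runs from but droppers often do.
WRITABLE_DIRS = ("\\local settings\\temp\\", "\\windows\\temp\\",
                 "\\recycler\\", "\\temporary internet files\\")


def parse_proxy_settings(log):
    """Return {name: value} for the IE proxy values ComboFix prints."""
    found = {}
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def proxy_endpoints(proxy_server):
    """Split a ProxyServer value into (scheme, host, port).  The value is either
    'host:port' (applies to all protocols) or 'http=host:port;https=host:port'."""
    endpoints = []
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")      # no '=' -> scheme ''
        host, _, port = hostport.rpartition(":")
        if not host:                                    # no explicit port
            host, port = hostport, "0"
        endpoints.append((scheme or "all", host, int(port) if port.isdigit() else 0))
    return endpoints


def is_loopback_host(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                                  # a hostname, not an address
        return False


def loopback_proxies(log):
    """Proxy endpoints that point back at this machine.  A real corporate proxy
    lives on another host; a loopback proxy means a local process sees and can
    rewrite every browser request, which is exactly the redirect symptom."""
    server = parse_proxy_settings(log).get("ProxyServer", "")
    return [ep for ep in proxy_endpoints(server) if is_loopback_host(ep[1])]


def parse_autostart_entries(log):
    """(name, path) pairs from the Run/RunOnce keys ComboFix lists."""
    entries, in_run_key = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_run_key = bool(RUN_KEY_RE.match(line))
            continue
        m = RUN_VALUE_RE.match(line) if in_run_key else None
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def suspicious_autostarts(entries):
    return [(n, p) for n, p in entries if any(d in p.lower() for d in WRITABLE_DIRS)]


def triage(log):
    """One-shot summary a helper could paste back into a thread."""
    entries = parse_autostart_entries(log)
    return {
        "loopback_proxy": loopback_proxies(log),
        "proxy_override": parse_proxy_settings(log).get("ProxyOverride"),
        "autostart_count": len(entries),
        "suspicious_autostarts": suspicious_autostarts(entries),
    }


if __name__ == "__main__":
    import json
    import sys
    # Usage: python triage_combofix.py ComboFix.txt  (file name is hypothetical)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(json.dumps(triage(text), indent=2))
```

On the sample, `triage` reports one loopback proxy entry, the `<local>` override and the hypothetical "Updater" autostart; on a log with a proxy such as `proxy.corp.example:8080` the loopback list is empty. The GUI steps in the reply above (unchecking "Use a proxy server") are the manual equivalent of clearing the ProxyServer value this script flags.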

#8
December 7, 2009 at 20:09:13

Everything is working fine now...thanks so much!


#9
December 7, 2009 at 20:16:45

A little clean-up to do.

Delete RSIT and GMER from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab, check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, create a new restore point. Go to Start > Run, type in msconfig > OK, click Launch System Restore, check the circle beside "Create a restore point" > Next, name it today's date > Create, click Home, exit the System Configuration Utility and restart the computer.

You should consider adding "SpywareBlaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it; it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.

