Google Redirect again...

January 2, 2010 at 12:28:27
Specs: Windows XP
I have recently picked up the google redirect virus. I've scanned my computer with malwarebytes, avira, and most of the other things. I am a novice at computers so any help would be greatly appreciated.

See More: Google Redirect again...

Report •


#1
January 2, 2010 at 12:38:34
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename mbam-setup.exe to tool.exe> click save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy&Paste the entire report in your next reply.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.


Report •

#2
January 2, 2010 at 13:31:34
MBAM log:

Malwarebytes' Anti-Malware 1.43
Database version: 3482
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/2/2010 4:29:48 PM
mbam-log-2010-01-02 (16-29-48).txt

Scan type: Quick Scan
Objects scanned: 154080
Time elapsed: 13 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Report •

#3
January 2, 2010 at 13:32:00
RSIT log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chintu at 2010-01-02 16:30:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (29%) free of 38 GB
Total RAM: 767 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:44 PM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\MyPrograms\Avira\AntiVir Desktop\sched.exe
C:\MyPrograms\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\MyPrograms\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\MyPrograms\SyncBack\SyncBack.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Chintu\Desktop\RSIT.exe
C:\Program Files\trend micro\Chintu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/ask...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/ask...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\MyPrograms\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SyncBack.lnk = C:\MyPrograms\SyncBack\SyncBack.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\MyPrograms\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\MyPrograms\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7013 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-06-05 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-01-19 2403392]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"avgnt"=C:\MyPrograms\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-06-05 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [2008-08-29 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe [2004-04-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3
"SCardSvr"=3
"LexBceS"=2
"gusvc"=3
"CiSvc"=3
"bgsvcgen"=2
"WUSB54Gv2SVC"=2
"mnmsrvc"=3
"MDM"=2
"Bonjour Service"=2

C:\Documents and Settings\Chintu\Start Menu\Programs\Startup
SyncBack.lnk - C:\MyPrograms\SyncBack\SyncBack.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe"="C:\Program Files\GameHouse\FeedingFrenzy\FeedingFrenzy.exe:*:Disabled:Feeding Frenzy"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Reema\My Documents\oovoo\ooVoo.exe"="C:\Documents and Settings\Reema\My Documents\oovoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 1 months======

2010-01-02 16:30:32 ----D---- C:\Program Files\trend micro
2010-01-02 16:30:30 ----D---- C:\rsit
2010-01-02 16:05:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-02 14:47:09 ----D---- C:\Program Files\Mozilla Firefox
2010-01-01 19:58:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-31 13:26:33 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-31 13:11:52 ----A---- C:\WINDOWS\setuplog.txt
2009-12-30 22:50:06 ----D---- C:\Documents and Settings\Chintu\Application Data\JGoodies
2009-12-30 22:23:41 ----RSD---- C:\WINDOWS\assembly
2009-12-30 22:21:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-30 21:58:56 ----D---- C:\Documents and Settings\Chintu\Application Data\Malwarebytes
2009-12-30 21:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-27 10:00:44 ----D---- C:\WINDOWS\VMUVC
2009-12-27 10:00:31 ----A---- C:\WINDOWS\system32\VvFtCtrl.dll
2009-12-27 10:00:31 ----A---- C:\WINDOWS\system32\VMUVC.dll
2009-12-27 10:00:15 ----D---- C:\Program Files\Vimicro Corporation
2009-12-27 09:57:33 ----D---- C:\Documents and Settings\Chintu\Application Data\InstallShield
2009-12-25 20:42:08 ----D---- C:\WINDOWS\ie8updates
2009-12-25 20:39:45 ----D---- C:\WINDOWS\WBEM
2009-12-25 20:38:18 ----HDC---- C:\WINDOWS\ie8
2009-12-25 20:03:03 ----D---- C:\Documents and Settings\Chintu\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-12-25 19:26:30 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1053
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1049
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1046
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1043
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1040
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1036
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1034
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1030
2009-12-25 19:19:42 ----D---- C:\Program Files\Altiris
2009-12-25 19:19:41 ----HD---- C:\fslrdr
2009-12-25 18:59:34 ----D---- C:\MalkaniMagic
2009-12-25 18:53:59 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-12-25 18:36:03 ----D---- C:\MyPrograms
2009-12-15 17:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-15 17:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-15 17:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-15 17:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-15 17:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-15 17:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-02 16:30:36 ----D---- C:\WINDOWS\Temp
2010-01-02 16:30:36 ----D---- C:\WINDOWS\Prefetch
2010-01-02 16:30:32 ----RD---- C:\Program Files
2010-01-02 16:05:34 ----D---- C:\WINDOWS\system32\drivers
2010-01-02 16:02:35 ----SD---- C:\WINDOWS\Tasks
2010-01-02 16:01:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 15:36:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-01 21:29:16 ----D---- C:\WINDOWS\system32
2010-01-01 21:25:45 ----SHD---- C:\WINDOWS\Installer
2010-01-01 21:25:36 ----D---- C:\WINDOWS\system32\mui
2010-01-01 21:25:36 ----D---- C:\Program Files\Internet Explorer
2010-01-01 21:25:32 ----HD---- C:\WINDOWS\inf
2010-01-01 20:08:43 ----SHD---- C:\RECYCLER
2010-01-01 19:58:19 ----D---- C:\WINDOWS
2010-01-01 19:52:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-31 13:27:39 ----RASH---- C:\boot.ini
2009-12-31 13:27:39 ----A---- C:\WINDOWS\win.ini
2009-12-31 13:27:39 ----A---- C:\WINDOWS\System.ini
2009-12-31 13:26:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-31 13:21:42 ----SHD---- C:\System Volume Information
2009-12-31 13:21:42 ----D---- C:\WINDOWS\system32\Restore
2009-12-31 13:14:10 ----AC---- C:\WINDOWS\system32\wpa.bak
2009-12-31 13:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-12-30 22:25:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-30 22:23:50 ----D---- C:\WINDOWS\WinSxS
2009-12-27 22:23:28 ----D---- C:\WINDOWS\Debug
2009-12-27 22:23:25 ----D---- C:\WINDOWS\Minidump
2009-12-27 12:32:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-27 10:50:18 ----D---- C:\Program Files\Lexmark X1100 Series
2009-12-27 10:00:44 ----D---- C:\WINDOWS\twain_32
2009-12-27 10:00:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-27 10:00:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-27 10:00:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 21:00:16 ----D---- C:\Program Files\Yahoo! Games
2009-12-25 20:45:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-25 20:44:23 ----D---- C:\WINDOWS\Help
2009-12-25 20:40:00 ----D---- C:\WINDOWS\system32\config
2009-12-25 20:39:45 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 20:39:38 ----D---- C:\WINDOWS\Media
2009-12-25 20:06:49 ----D---- C:\Program Files\Common Files
2009-12-25 20:05:37 ----D---- C:\Program Files\Adobe
2009-12-25 20:04:06 ----D---- C:\Program Files\Common Files\Adobe
2009-12-25 20:02:43 ----D---- C:\Documents and Settings\Chintu\Application Data\Adobe
2009-12-25 19:19:45 ----D---- C:\WINDOWS\system32\1033
2009-12-25 18:58:10 ----D---- C:\Downloads
2009-12-25 18:48:12 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-13 18:44:53 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\MyPrograms\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256]
R1 FSLX;FSLX; \??\C:\WINDOWS\system32\drivers\fslx.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-27 56816]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-11-24 15781]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 PRISM_A02;WUSB54GV2 802.11g USB Driver; C:\WINDOWS\System32\DRIVERS\WUSBGXP.sys [2004-04-23 374752]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VMUVC;Vimicro Camera Service VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [2009-05-25 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\WINDOWS\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 chdrvr01;CH Control Manager Driver 1; C:\WINDOWS\system32\DRIVERS\chdrvr01.sys []
S3 chdrvr02;CH Control Manager Driver 2; C:\WINDOWS\system32\DRIVERS\chdrvr02.sys []
S3 chdrvr03;CH Control Manager Driver 3; C:\WINDOWS\system32\DRIVERS\chdrvr03.sys []
S3 CoachUsb;Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 DSCVc;Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\MyPrograms\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\MyPrograms\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-03 138168]
S4 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 WUSB54Gv2SVC;WUSB54Gv2SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2004-02-06 41025]

-----------------EOF-----------------


Report •

Related Solutions

#4
January 2, 2010 at 13:32:23
RSIT info file:

info.txt logfile of random's system information tool 1.06 2010-01-02 16:30:50

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6.0-->C:\Program Files\AIM6\uninst.exe
Altiris Software Virtualization Agent-->MsiExec.exe /I{7D8DBB7C-1C55-4950-A107-043C164F379A}
AOL Instant Messenger-->C:\PROGRA~1\AIM\uninstll.exe -LOG= C:\PROGRA~1\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\MyPrograms\Avira\AntiVir Desktop\setup.exe /REMOVE
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Cyberchase Carnival Chaos-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Cyberchase\Cyberchase Carnival Chaos\Uninstall.xml"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DXG-568-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\Setup.exe"
EPSON CX 3800 Guide-->C:\Program Files\epson\guide\cx3800_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Free RM to MP3 Converter 1.12-->"C:\Program Files\Free RM to MP3 Converter\unins000.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GPL MPEG-1/2 DirectShow Decoder Filter-->MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
Intel(R) Integrated Performance Primitives RTI 4.0-->MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_07-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JGoodies JDiskReport 1.3.1-->"C:\myprograms\JDiskReport 1.3.1\uninstall.exe"
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mind Power(TM) Math - Pre Algebra-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Mind Power(TM) Math - Pre Algebra\Uninstall.xml"
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Revo Uninstaller 1.85-->C:\MyPrograms\Revo Uninstaller\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SpongeBob SquarePants Typing-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\SpongeBob SquarePants Typing\Uninstall.xml"
SyncBack-->"C:\MyPrograms\SyncBack\unins000.exe"
Theorica Divx ;-) Codecs (remove only)-->C:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Versal FileDownload ActiveX Control Trial Version-->C:\Program Files\Universal\UFileDownloadD\USetup.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vimicro USB2.0 UVC PC Camera-->C:\Program Files\InstallShield Installation Information\{71A51A91-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
West Point Bridge Designer 2005-->C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2005\irunin.ini"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Ten Pin Championship Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}\Setup.exe" -l0x9 -uninst

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: CM-BMNT
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
to the user CM-BMNT\Reema SID (S-1-5-21-1390067357-2049760794-839522115-1004). This security permission can be modified using the Component Services administrative tool.

Record Number: 103347
Source Name: DCOM
Time Written: 20091121143751.000000-300
Event Type: error
User: CM-BMNT\Reema

Computer Name: CM-BMNT
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WUSB54Gv2SVC service.

Record Number: 103341
Source Name: Service Control Manager
Time Written: 20091121143639.000000-300
Event Type: error
User:

Computer Name: CM-BMNT
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?lin...

Scan ID: {7178B332-D229-4F89-B68A-45F2EFAFEF0D}

User: CM-BMNT\Chintu

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: driver:mfehidk01

Alert Type: Unclassified software

Detection Type:

Record Number: 103309
Source Name: WinDefend
Time Written: 20091121133927.000000-300
Event Type: warning
User:

Computer Name: CM-BMNT
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000F666B8DA4. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 103265
Source Name: Dhcp
Time Written: 20091120231808.000000-300
Event Type: warning
User:

Computer Name: CM-BMNT
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\UPSTAIRS on the network \Device\NetBT_Tcpip_{4A1341AC-C74E-41C4-95DD-85C57A7E3B15}.
The data is the error code.

Record Number: 103213
Source Name: BROWSER
Time Written: 20091117061100.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: CM-BMNT
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 34073
Source Name: Userenv
Time Written: 20090802224253.000000-240
Event Type: warning
User: CM-BMNT\Bhavish

Computer Name: CM-BMNT
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 34067
Source Name: Application Error
Time Written: 20090802160335.000000-240
Event Type: error
User:

Computer Name: CM-BMNT
Event Code: 1517
Message: Windows saved user CM-BMNT\Reema registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 34066
Source Name: Userenv
Time Written: 20090802155433.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CM-BMNT
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Record Number: 34065
Source Name: Userenv
Time Written: 20090802155429.000000-240
Event Type: warning
User: CM-BMNT\Reema

Computer Name: CM-BMNT
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 34060
Source Name: Application Error
Time Written: 20090801145837.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Altiris\Software Virtualization Agent\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


Report •

#5
January 2, 2010 at 14:06:24
those are the 3 logs you requested

Report •

#6
January 2, 2010 at 14:28:19
Go to add/remove programs and uninstall this program as it is know to harbor spyware:

Viewpoint Media Player

Your java is out of date and may have been exploited.
Download the latest version of java from this link Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Please download Combofix with internet explorer instead of FireFox.

Remember..your Avira antivirus and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#7
January 2, 2010 at 15:46:46
( I am on a different computer)

I ran Combofix and installed the recovery console. it was searching and a message popped up saying that it detected rootkit activity and needed to reboot the computer automatically. I let it do so and the log in screen popped up. I logged in and only the background showed up. Is that supposed to happen?


Report •

#8
January 2, 2010 at 15:54:10
Give it no longer than ten minutes and if it has not restarted then restart the computer.

Report •

#9
January 2, 2010 at 15:57:50
when it told me that it was going to restart and it did. I got back to the log in screen and signed in but now i just have my background. is it supposed to restart again? should i try to open up the task manager and run explorer.exe?

Report •

#10
January 2, 2010 at 16:10:50
Shut down the computer, wait 30 seconds. Restart into safe mode by tapping F8 (use no other method) as the computer boots up. You should get an option choose safe mode, let it finish booting then restart into normal mode.

That should clean it up.


Report •

#11
January 2, 2010 at 16:12:27
should i sign in to the adin's account i'm using, or the default administrator account? or should i not sign in at all?

Report •

#12
January 2, 2010 at 16:15:40
Use the normal account.

Report •

#13
January 2, 2010 at 16:28:59
Ok i went into safe mode, logged onto my account, then rebooted the computer. I logged on to my account in normal mode and now my background is showing up and the command prompt. I cannot type in the command prompt either. Help me please!! I'm starting to get really worried that this is going to make my computer crash really badly. I backed up the documents and setting folder, but if I reformat my computer all my program files will go too,and that includes my Microsoft Office.

Report •

#14
January 2, 2010 at 16:39:19
i also forgot to mention my nero 6, and all the other 70 or so programs i have installed.

Report •

#15
January 2, 2010 at 16:56:01
Try to run explorer from task manager and let me know if that works.

Report •

#16
January 2, 2010 at 16:57:02
I tried to restart my computer and tried to log in again. Now it is stuck on the welcome screen and just says that it is " Loading my personal settings" this Combofix seems to be ruining my computer more!!

Report •

#17
January 2, 2010 at 16:57:36
task manager wouldn't work at all

Report •

#18
January 2, 2010 at 17:01:28
I'm betting its the trojan. Do you have a windows cd or reinstall cd. Combofix left a backup up you system as a ne wrestore point if you installed the recovery console as requested we should be able to get it running.

Report •

#19
January 2, 2010 at 17:10:38
yea the recovery console is installed. whenever i restart the computer the screen pops up. i actually tried running it. i get a screen that says that it is going to run c:\Windows. then it asks me to enter the Administrator password. i do and then it says C:\WINDOWS>. i don't know what to do from there. I found a windows XP home edition service pack 1 CD. my computer is Windows XP professional edition Service pack 3.

Report •

#20
January 2, 2010 at 17:17:51
I just found an XP home edition service pack 2 CD. will any of those work?

Report •

#21
January 2, 2010 at 17:57:25
ok so i am running my computer in safe mode. I tried to access the system restore but it says that it has been turned off by group policy. it also says that I have to contact my domain Administrator. I don't know what that means! Help me Please!!1 can I try to uninstall Combofix from here?

Report •

#22
January 2, 2010 at 19:18:33
Ok so I was in safe mode, but i scanned with Avira while there, thus finding and deleting the trojans that were causing the loading of my account and the taskmanager not working to be resolved. I restarted and logged on to my account and the combo fix finished. the log is in the next reply.

Report •

#23
January 2, 2010 at 19:20:38
oh and also when i restarted, since i had to use avira in safe mode, it was enabled at the start of the resuming of Combofix, so the little boxes popped up saying that Combofix was a trojan/virus. I ignored them and disabled it again. Here is the log:

ComboFix 10-01-02.01 - Chintu 01/02/2010 21:48:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.492 [GMT -5:00]
Running from: c:\documents and settings\Chintu\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DeFAultsearch.dll
C:\waxfhosk.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\bb6D6o7.dll
c:\windows\system32\certstore.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\flags.ini
c:\windows\system32\uses32.dat
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winsts.sys
c:\windows\system32\winupdate86.exe
c:\windows\Temp\4264008820.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IAS
-------\Legacy_WINSTS
-------\Service_Ias
-------\Service_winsts


((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-02 23:28 . 2010-01-02 23:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-02 23:20 . 2010-01-02 23:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 21:30 . 2010-01-02 21:30 -------- d-----w- c:\program files\trend micro
2010-01-02 21:30 . 2010-01-02 21:30 -------- d-----w- C:\rsit
2010-01-02 21:05 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 21:05 . 2010-01-02 21:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 21:05 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 02:20 . 2010-01-02 02:20 -------- d-sh--w- c:\documents and settings\Bhavish\IETldCache
2010-01-02 01:05 . 2010-01-02 01:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-02 01:05 . 2010-01-02 01:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-02 00:59 . 2010-01-02 00:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-31 18:26 . 2009-12-31 18:28 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-31 03:50 . 2009-12-31 03:50 -------- d-----w- c:\documents and settings\Chintu\Application Data\JGoodies
2009-12-31 02:58 . 2009-12-31 02:58 -------- d-----w- c:\documents and settings\Chintu\Application Data\Malwarebytes
2009-12-31 02:58 . 2009-12-31 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-28 00:01 . 2009-12-28 00:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-27 15:30 . 2009-12-27 15:31 -------- d-----w- c:\documents and settings\Reema\Application Data\ooVoo Details
2009-12-27 15:00 . 2009-12-27 15:00 -------- d-----w- c:\windows\VMUVC
2009-12-27 15:00 . 2009-05-25 22:31 252416 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2009-12-27 15:00 . 2008-09-02 22:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2009-12-27 15:00 . 2008-07-01 16:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2009-12-27 15:00 . 2008-02-29 15:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2009-12-27 15:00 . 2009-12-27 15:00 -------- d-----w- c:\program files\Vimicro Corporation
2009-12-27 14:57 . 2009-12-27 14:57 -------- d-----w- c:\documents and settings\Chintu\Application Data\InstallShield
2009-12-26 02:40 . 2009-12-26 02:40 -------- d-sh--w- c:\documents and settings\Reema\IETldCache
2009-12-26 01:47 . 2009-12-26 01:47 -------- d-sh--w- c:\documents and settings\Chintu\IECompatCache
2009-12-26 01:47 . 2009-12-26 01:47 -------- d-sh--w- c:\documents and settings\Chintu\PrivacIE
2009-12-26 01:44 . 2009-12-26 01:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-26 01:44 . 2009-12-26 01:44 -------- d-sh--w- c:\documents and settings\Chintu\IETldCache
2009-12-26 01:42 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-26 01:42 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-26 01:42 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-26 01:42 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-26 01:42 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-26 01:42 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-26 01:42 . 2009-12-27 17:33 -------- d-----w- c:\windows\ie8updates
2009-12-26 01:40 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-26 01:38 . 2009-12-26 01:40 -------- dc-h--w- c:\windows\ie8
2009-12-26 01:03 . 2009-12-26 01:06 -------- d-----w- c:\documents and settings\Chintu\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-12-26 00:32 . 2009-12-26 00:32 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2009-12-26 00:26 . 2009-12-26 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1053
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1049
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1046
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1043
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1040
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1036
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1034
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\windows\system32\1030
2009-12-26 00:19 . 2009-12-26 00:19 -------- d-----w- c:\program files\Altiris
2009-12-26 00:19 . 2009-12-31 01:46 -------- d-----w- C:\fslrdr
2009-12-25 23:59 . 2009-12-26 02:11 -------- d-----w- C:\MalkaniMagic
2009-12-25 23:54 . 2009-12-27 14:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-25 23:54 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-25 23:54 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-25 23:54 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-25 23:53 . 2009-12-25 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-25 23:36 . 2010-01-02 21:01 -------- d-----w- C:\MyPrograms

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 23:19 . 2005-02-27 22:09 -------- d-----w- c:\program files\Java
2010-01-02 23:13 . 2010-01-02 23:13 0 ----a-w- c:\windows\system32\RENB6.tmp
2010-01-02 23:13 . 2010-01-02 23:13 0 ----a-w- c:\windows\system32\RENB5.tmp
2010-01-02 23:12 . 2010-01-02 23:12 0 ----a-w- c:\windows\system32\RENA5.tmp
2010-01-02 23:12 . 2010-01-02 23:12 0 ----a-w- c:\windows\system32\RENA4.tmp
2010-01-02 23:12 . 2010-01-02 23:12 0 ----a-w- c:\windows\system32\RENA3.tmp
2010-01-02 23:10 . 2010-01-02 23:10 0 ----a-w- c:\windows\system32\REN9C.tmp
2010-01-02 23:10 . 2010-01-02 23:10 0 ----a-w- c:\windows\system32\REN9B.tmp
2010-01-02 23:10 . 2010-01-02 23:10 0 ----a-w- c:\windows\system32\REN9A.tmp
2010-01-02 22:58 . 2005-02-27 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-02 22:58 . 2005-02-27 21:01 -------- d-----w- c:\program files\Viewpoint
2010-01-02 00:52 . 2005-02-27 17:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-27 15:50 . 2007-12-21 19:19 -------- d-----w- c:\program files\Lexmark X1100 Series
2009-12-27 15:30 . 2005-05-31 20:18 -------- d-----w- c:\documents and settings\Reema\Application Data\InstallShield Installation Information
2009-12-27 15:00 . 2005-02-27 16:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 02:00 . 2007-06-03 02:43 -------- d-----w- c:\program files\Yahoo! Games
2009-12-26 01:04 . 2005-03-20 01:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-26 01:01 . 2009-12-26 01:01 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-25 23:48 . 2008-02-06 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-06 01:26 . 2009-11-06 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-11-03 01:42 . 2009-10-02 21:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-12-07 21:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\MANOJ_http.sys
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\MANOJ_2_http.sys
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2003-03-31 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-03-31 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="c:\myprograms\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Chintu\Start Menu\Programs\Startup\
SyncBack.lnk - c:\myprograms\SyncBack\SyncBack.exe [2009-12-25 2990848]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2006-11-07 15:29 50736 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-06-05 21:35 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]
2008-08-29 22:27 143360 ----a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
2004-04-19 14:19 24576 ----a-w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TermService"=3 (0x3)
"SCardSvr"=3 (0x3)
"LexBceS"=2 (0x2)
"gusvc"=3 (0x3)
"CiSvc"=3 (0x3)
"bgsvcgen"=2 (0x2)
"WUSB54Gv2SVC"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MDM"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"37676:TCP"= 37676:TCP:*:Disabled:ooVoo TCP port 37676
"37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
"37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677

R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [8/10/2007 12:01 PM 191360]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\myprograms\Avira\AntiVir Desktop\sched.exe [12/25/2009 6:54 PM 108289]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [12/27/2009 10:00 AM 252416]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [12/27/2009 10:00 AM 398720]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys --> c:\windows\system32\DRIVERS\chdrvr01.sys [?]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys --> c:\windows\system32\DRIVERS\chdrvr02.sys [?]
S3 chdrvr03;CH Control Manager Driver 3;c:\windows\system32\DRIVERS\chdrvr03.sys --> c:\windows\system32\DRIVERS\chdrvr03.sys [?]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [12/2/2005 11:10 PM 44256]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [3/31/2003 7:00 AM 2304]

--- Other Services/Drivers In Memory ---

*Deregistered* - zamegnfi
.
Contents of the 'Scheduled Tasks' folder

2009-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2010-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-01-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13149&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Chintu\Application Data\Mozilla\Firefox\Profiles\609ku7no.default\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zamegnfi]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3580)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\myprograms\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-02 22:12:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 03:12

Pre-Run: 12,274,954,240 bytes free
Post-Run: 14,479,011,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 178EBD321C02B5A47B287A1E6BB1C436


Report •

#24
January 2, 2010 at 20:01:45
Are you still being redirected?

Report •

#25
January 2, 2010 at 20:14:20
No I am not!! Thank you so much for your help. If it does come back i will be sure to post, because that was a lot to do! now can i uninstall combofix?

Report •

#26
January 2, 2010 at 20:19:45
Good job.

A little clean-up to do.

Delete RSIT from your desktop.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.


Report •

#27
January 3, 2010 at 09:39:47
Done and done! thank you so much for your help.

Report •

#28
January 3, 2010 at 09:41:44
You are welcome.

Report •

#29
January 3, 2010 at 11:07:33
So, what do you think was the reason the virus got on the computer in the first place? I mean, we try all users from using the admin account (they have limited account) - shouldn't that prevent some virus from modifying files in the system directories (such as c:\windows)??

Report •

#30
January 3, 2010 at 11:22:41
The java update probably, if you have not remove these old entries fromm add/remove programs do it now:


J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_07
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

The Java 6 update 17 is current.

Make sure adobe is updated.

Windows Defender and One Care are practically useless.

Use Spybot with TeaTimer, Spywareblaster and find a free firewall ...zonealarm has a free one.


Report •


Ask Question