Please can someone read my Hijackthis log?

Medion / Mim2130
December 2, 2009 at 15:15:51
Specs: Windows XP Home 2002 SP3
Hello, I managed to get something not good onto my computer on Monday. I've updated and run Spybot and have up-to-date Norton Internet Security running.

The malware/nasty isn't stopping my computer from working, it just loads random webpages from time to time and stops links working from Google (ie, I click on a link to say processlibrary.com and it will send me to some sort of search site, or Bournemouth.com or Bingo or an avatar creator). The Other Half unfortunately doesn't have time to fix this at the moment, so I'm hoping some kind stranger can help me instead!

Thanks in anticipation...

edited by moderator: remove HJT log


See More: Please can someone read my Hijackthis log?

Report •


#1
December 2, 2009 at 17:18:43
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.


Report •

#2
December 5, 2009 at 12:06:30
Thanks Jabuck! The win32diag log only says the following:

Running from: C:\Documents and Settings\Sarah\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Sarah\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...


Finished!

I may have done something wrong there?


The RSIT logs are to follow.


Report •

#3
December 5, 2009 at 12:08:28
RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sarah at 2009-12-05 11:02:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (9%) free of 38 GB
Total RAM: 2039 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:00, on 05/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Documents and Settings\Sarah\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sarah.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.symantec.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [1utcontr.exe] C:\Program Files\User Time Control Center\utcontr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/Div...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/gam...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10257 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-23 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-05 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-05 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-08 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-08 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-08 114688]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-08 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-08 729178]
"RemoteControl"=C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2005-10-04 45056]
"PCMService"=C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [2005-11-04 139264]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-17 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-17 28738]
"1utcontr.exe"=C:\Program Files\User Time Control Center\utcontr.exe []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-27 198160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-26 68856]
""= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Sarah\Start Menu\Programs\Startup
Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
Trillian.lnk - C:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Home Cinema\PowerCinema\PowerCinema.exe"="C:\Program Files\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-12-05 11:02:47 ----D---- C:\rsit
2009-12-02 22:50:43 ----D---- C:\Program Files\Trend Micro
2009-12-02 21:27:38 ----D---- C:\Documents and Settings\Sarah\Application Data\Uniblue
2009-12-02 21:27:07 ----D---- C:\Program Files\Uniblue
2009-11-30 15:50:26 ----SHD---- C:\WINDOWS\system32\lowsec
2009-11-26 18:03:35 ----D---- C:\Program Files\Amazon
2009-11-25 22:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 22:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-11 22:48:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-05 11:02:22 ----D---- C:\WINDOWS\Prefetch
2009-12-05 10:59:58 ----RASH---- C:\boot.ini
2009-12-05 10:59:58 ----A---- C:\WINDOWS\win.ini
2009-12-05 10:59:58 ----A---- C:\WINDOWS\system.ini
2009-12-05 10:58:09 ----D---- C:\WINDOWS\Temp
2009-12-05 10:57:03 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-12-05 10:56:49 ----D---- C:\Documents and Settings\Sarah\Application Data\Skype
2009-12-05 10:56:27 ----D---- C:\WINDOWS\system32
2009-12-05 10:56:24 ----D---- C:\WINDOWS\system32\Lang
2009-12-05 00:52:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-05 00:47:45 ----D---- C:\Program Files\Mozilla Firefox
2009-12-04 19:47:50 ----D---- C:\Program Files\Trillian
2009-12-02 22:50:43 ----D---- C:\Program Files
2009-12-02 22:28:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-01 13:47:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-30 13:51:06 ----D---- C:\Documents and Settings\Sarah\Application Data\Canon
2009-11-30 10:42:48 ----D---- C:\Documents and Settings\Sarah\Application Data\uTorrent
2009-11-25 23:46:25 ----D---- C:\WINDOWS
2009-11-25 22:01:40 ----HD---- C:\WINDOWS\inf
2009-11-25 22:01:32 ----A---- C:\WINDOWS\imsins.BAK
2009-11-25 22:01:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-25 22:01:06 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-25 22:00:46 ----SHD---- C:\WINDOWS\Installer
2009-11-25 22:00:46 ----SHD---- C:\Config.Msi
2009-11-25 22:00:44 ----D---- C:\WINDOWS\WinSxS
2009-11-07 12:00:42 ----D---- C:\Program Files\DOSBox-0.63

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-09 482432]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2009-03-26 4484]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dfmirage;dfmirage; C:\WINDOWS\system32\DRIVERS\dfmirage.sys [2005-11-25 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-03-17 165504]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091204.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091204.006\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-08 190560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 799744]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver; C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 46108]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-08 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-12-30 43136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-20 17792]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-11-04 258146]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [2005-11-04 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [2005-11-04 1073152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2005-11-04 167936]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-12 1245064]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-29 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-25 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-01-25 3072184]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Report •

Related Solutions

#4
December 5, 2009 at 12:09:25
RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-12-05 11:03:03

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.5-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Asterix Mega Madness Mini Game-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FABB5-3D74-4BCC-A263-70C3681A1CD8}\setup.exe"
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audio Conversion Wizard 2.0-->"C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Brain Teasers-->C:\PROGRA~1\THETIM~1\BRAINT~1\UNWISE.EXE C:\PROGRA~1\THETIM~1\BRAINT~1\INSTALL.LOG
Cars - Radiator Springs Adventures-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F36DDC8-9EAC-4B71-8CF6-70E9BF28B855}\setup.exe" -l0x9 -uninst
CDisplay-->MsiExec.exe /X{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}
Checkers 1.3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Magicwand\Checkers 1.3\Uninst.isu"
Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer-->"C:\Program Files\Coupon Printer\uninstall.exe" "/U:C:\Program Files\Coupon Printer\Uninstall\uninstall.xml"
CpuIdle (remove only)-->"C:\Program Files\CpuIdle\uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynomite Deluxe 2.71-->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Elf Bowling - Bocce Style! (remove only)-->"C:\Program Files\Nstorm\Elf Bowling - Bocce Style!\Uninstall.exe"
Elf Bowling 3 (remove only)-->"C:\Program Files\Nstorm\Elf Bowling 3\Uninstall.exe"
Elf Bowling 6 Air Biscuits 1.0 (remove only)-->"C:\Program Files\Nstorm\EB6 - Air Biscuits\Elf Bowling 6 Air Biscuits 1.0\Uninstall.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Fruit Armageddon-->"C:\Program Files\FruitArmageddon\unins000.exe"
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\HXFSETUP.EXE -U -IPDAZLCM5K.INF
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Informations about your PC-->MsiExec.exe /I{0AB149EB-2AE0-466C-9BA4-3A718CF06432}
Instant Eyedropper 1.75-->"C:\Program Files\InstantEyedropper\unins000.exe"
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kiki the nanobot 0.9.2-->"C:\Program Files\kiki\unins000.exe"
LimeWire 4.10.9-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LJ Comment Stats Wizard 1.7-->"C:\Program Files\LJ Comment Stats Wizard\unins000.exe"
Loss-Less Video Codec Library v2.23-->RunDLL32.exe advpack.dll,LaunchINFSection llcl.inf, UnInstall
Lovefilm Download Manager-->MsiExec.exe /I{AB89183C-234C-42F0-8409-3193280E3E11}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MathmosScreensaver-->C:\WINDOWS\system32\MathmosScreensaver.scr /u
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mirage Driver 1.1-->"C:\Program Files\DemoForge\Mirage Driver\uninst\unins000.exe"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mr Bump Screen Saver-->C:\WINDOWS\system32\Mr Bump.scr /u
Mr Men Screen Savers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A1B8D40-30A2-11D4-976B-0060084D8EB2}\setup.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.7.2.11\InstStub.exe /X
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Peggle World of Warcraft Edition-->C:\Program Files\PopCap Games\Peggle World of Warcraft Edition\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle World of Warcraft Edition\Install.log"
Pinball Fantasies-->MsiExec.exe /I{B0A2B4F6-1163-4A9F-B46E-5529C38BEF41}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerCinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Protected Music Converter 1.1-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Scaryduck done a poo-->C:\Program Files\Scaryduck done a poo\Uninstal.exe
Sea Battle-->C:\Program Files\KARPOLAN\Sea Battle\UnGins.exe "C:\Program Files\KARPOLAN\Sea Battle\install.log"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Softsqueeze 3.4-->C:\Program Files\Softsqueeze\uninstall.exe
SolSuite-->C:\PROGRA~1\SolSuite\UNWISE.EXE C:\PROGRA~1\SolSuite\INSTALL.LOG
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stacker Blocks 3D-->C:\Program Files\StackerBlocks3D\Uninstal.exe
Super Elf Bowling 2-->"C:\Program Files\Nstorm\Super Elf Bowling 2\unins000.exe"
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SyncToy 2.0 (x86)-->MsiExec.exe /I{AFDFC350-C142-4790-BE12-8357AECD028F}
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Turbo Lister-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Veoh Player-->C:\Program Files\InstallShield Installation Information\{3D5A72E1-1467-4199-8CF6-12DA8D502A6B}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: SARAHS-LAPTOP
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Record Number: 43581
Source Name: Service Control Manager
Time Written: 20091012183133.000000+060
Event Type: error
User:

Computer Name: SARAHS-LAPTOP
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Record Number: 43580
Source Name: Service Control Manager
Time Written: 20091012183133.000000+060
Event Type: error
User:

Computer Name: SARAHS-LAPTOP
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\ACER-SERVER on the network \Device\NetBT_Tcpip_{D2BCE83B-13CB-487D-AB2D-A78F996B3DA7}.
The data is the error code.

Record Number: 43579
Source Name: BROWSER
Time Written: 20091012183054.000000+060
Event Type: warning
User:

Computer Name: SARAHS-LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040D082D74A. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 43574
Source Name: Dhcp
Time Written: 20091012122349.000000+060
Event Type: warning
User:

Computer Name: SARAHS-LAPTOP
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for PowerPoint Viewer 2003 (KB969615).

Record Number: 43569
Source Name: Windows Update Agent
Time Written: 20091011220031.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: SARAHS-LAPTOP
Event Code: 1517
Message: Windows saved user SARAHS-LAPTOP\Sarah registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 28436
Source Name: Userenv
Time Written: 20090906223209.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SARAHS-LAPTOP
Event Code: 1517
Message: Windows saved user SARAHS-LAPTOP\Sarah registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 28262
Source Name: Userenv
Time Written: 20090823001923.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SARAHS-LAPTOP
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 28251
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090822233537.000000+060
Event Type: warning
User:

Computer Name: SARAHS-LAPTOP
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 28250
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090822233537.000000+060
Event Type: warning
User:

Computer Name: SARAHS-LAPTOP
Event Code: 0
Message: Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 28249
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090822233537.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


Report •

#5
December 5, 2009 at 12:13:40
gmer.log (please note that my virus, etc protection was only disabled for the first 15 minutes of the something like 5-hours scan! I shall redo it overnight but I don't know if you are in the UK or elsewhere and if this one will suffice....):

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 19:47:38
Windows 5.1.2600 Service Pack 3
Running: l1njiejq.exe; Driver: C:\DOCUME~1\Sarah\LOCALS~1\Temp\axlirkog.sys


---- System - GMER 1.0.15 ----

SSDT 8A44F120 ZwAlertResumeThread
SSDT 8A44F1E0 ZwAlertThread
SSDT 8A470008 ZwAllocateVirtualMemory
SSDT 8A3E80C0 ZwAssignProcessToJobObject
SSDT 8A658748 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9F1F7130]
SSDT 8A454068 ZwCreateMutant
SSDT 8A41C100 ZwCreateSymbolicLinkObject
SSDT 8A3BBE48 ZwCreateThread
SSDT 8A3E81A0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9F1F73B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9F1F7910]
SSDT 8A4C3378 ZwDuplicateObject
SSDT 8A4FDE98 ZwFreeVirtualMemory
SSDT 8A454158 ZwImpersonateAnonymousToken
SSDT 8A454008 ZwImpersonateThread
SSDT 8A52D0F0 ZwLoadDriver
SSDT 8A68AD50 ZwMapViewOfSection
SSDT 8A3F51A0 ZwOpenEvent
SSDT 8A6AC718 ZwOpenProcess
SSDT 8A47D4D0 ZwOpenProcessToken
SSDT 8A45E1E0 ZwOpenSection
SSDT 8A6AC648 ZwOpenThread
SSDT 8A41C1D0 ZwProtectVirtualMemory
SSDT 8A587348 ZwResumeThread
SSDT 8A3B6600 ZwSetContextThread
SSDT 8A51AF80 ZwSetInformationProcess
SSDT 8A45E098 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9F1F7B60]
SSDT 8A3F50C0 ZwSuspendProcess
SSDT 8A3B6480 ZwSuspendThread
SSDT 8A46F090 ZwTerminateProcess
SSDT 8A3B6540 ZwTerminateThread
SSDT 8A47D410 ZwUnmapViewOfSection
SSDT 8A470078 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A7D2618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Thanks for your help.


Report •

#6
December 5, 2009 at 18:31:29

I see you have FireFox install, so if possible download ComboFix with your internet explorer instead of Firefox if you don't mind.

Remember..your Nortons antivirus, Spybot, must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#7
December 7, 2009 at 05:54:59
Combofix.txt (I renamed combo-fix but it posted the txt file as combofix.txt):

ComboFix 09-12-05.06 - Sarah 07/12/2009 13:30.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1631 [GMT 0:00]
Running from: c:\documents and settings\Sarah\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2052111302-1972579041-682003330-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\lowsec

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 13:29 . 2009-08-22 07:21 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-07 13:21 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\NAVENG.SYS
2009-12-07 13:21 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\NAVENG32.DLL
2009-12-07 13:21 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\NAVEX32A.DLL
2009-12-07 13:21 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\NAVEX15.SYS
2009-12-07 13:21 . 2009-09-23 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\ECMSVR32.DLL
2009-12-07 13:21 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\CCERASER.DLL
2009-12-07 13:21 . 2009-08-26 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\EECTRL.SYS
2009-12-07 13:21 . 2009-08-26 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091206.022\ERASER.SYS
2009-12-05 11:02 . 2009-12-05 11:03 -------- d-----w- C:\rsit
2009-12-02 22:50 . 2009-12-02 22:50 -------- d-----w- c:\program files\Trend Micro
2009-12-02 21:27 . 2009-12-02 21:27 -------- d-----w- c:\documents and settings\Sarah\Application Data\Uniblue
2009-12-02 21:27 . 2009-12-02 21:27 -------- d-----w- c:\program files\Uniblue
2009-11-26 18:03 . 2009-11-26 18:03 -------- d-----w- c:\program files\Amazon
2009-11-13 17:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-13 17:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-13 17:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-13 17:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-13 17:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-11 21:11 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-11-11 21:11 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-11-11 21:11 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-11-11 21:11 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-11-11 21:11 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 13:27 . 2007-02-06 22:57 -------- d-----w- c:\program files\Trillian
2009-12-07 13:27 . 2007-01-17 18:45 -------- d-----w- c:\documents and settings\Sarah\Application Data\Skype
2009-12-07 12:30 . 2006-10-11 09:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-01 13:47 . 2008-05-31 11:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 13:51 . 2006-05-14 14:53 -------- d-----w- c:\documents and settings\Sarah\Application Data\Canon
2009-11-30 10:42 . 2008-11-06 11:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\uTorrent
2009-11-07 12:00 . 2008-09-09 14:01 -------- d-----w- c:\program files\DOSBox-0.63
2009-11-03 21:51 . 2005-11-08 22:16 -------- d-----w- c:\program files\Java
2009-11-03 21:49 . 2009-11-03 21:49 152576 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 13:26 . 2006-03-17 17:45 62896 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-01 17:20 . 2009-11-01 17:20 -------- d-----w- c:\program files\MSECache
2009-10-29 13:14 . 2005-11-08 22:39 -------- d-----w- c:\program files\Google
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-26 19:35 . 2009-10-24 11:03 -------- d-----w- c:\documents and settings\Sarah\Application Data\SolSuite
2009-10-26 17:06 . 2006-05-13 16:41 73 ----a-w- c:\windows\popcinfo.dat
2009-10-25 19:18 . 2009-10-25 19:04 -------- d-----w- c:\program files\StackerBlocks3D
2009-10-24 14:38 . 2009-10-24 14:38 -------- d-----w- c:\program files\Magicwand
2009-10-24 14:29 . 2009-10-24 14:29 -------- d-----w- c:\program files\KARPOLAN
2009-10-24 11:03 . 2009-10-24 11:02 -------- d-----w- c:\program files\SolSuite
2009-10-24 10:59 . 2009-10-24 10:52 -------- d-----w- c:\program files\kiki
2009-10-24 10:52 . 2009-10-24 10:52 -------- d-----w- c:\program files\FruitArmageddon
2009-10-24 10:34 . 2009-10-24 10:34 -------- d-----w- c:\program files\The Times Testing Series
2009-10-23 22:57 . 2006-05-13 15:31 -------- d-----w- c:\program files\Alchemy Deluxe
2009-10-11 04:17 . 2008-12-14 10:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-18 19:57 . 2009-09-18 19:57 152576 ----a-w- c:\documents and settings\Sarah\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-17 18:04 . 2009-09-17 18:04 520192 ----a-w- c:\windows\system32\MathmosScreensaver.scr
2009-09-11 14:18 . 2005-11-03 07:30 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 09:44 . 2009-05-11 20:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-09 09:44 . 2009-05-11 20:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-09 09:43 . 2009-05-11 20:42 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2006-03-13 12:01 . 2006-03-13 11:52 31326208 ----a-w- c:\program files\NAV061200IN.exe.xds
2006-03-13 01:35 . 2006-03-13 01:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-11-08 22:39 . 2005-11-08 22:39 8 --sh--r- c:\windows\system32\2642F8B970.sys
2005-11-08 22:39 . 2005-11-08 22:39 5224 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-08 729178]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2005-10-04 45056]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-11-04 139264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-17 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-27 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sarah\Start Menu\Programs\Startup\
Skype.lnk - c:\program files\Skype\Phone\Skype.exe [2007-1-17 25365032]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2009-8-31 1873272]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24630:TCP"= 24630:TCP:BitComet 24630 TCP
"24630:UDP"= 24630:UDP:BitComet 24630 UDP

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [09/09/2009 09:44 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [09/09/2009 09:44 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [09/09/2009 09:43 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [13/11/2009 17:23 329592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [09/09/2009 09:44 117640]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25/11/2005 16:43 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/09/2009 19:28 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 13:14 133104]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [08/11/2005 22:12 799744]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [03/11/2005 08:40 46108]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\9nt8bdl9.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcpbrkuk7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe
HKLM-Run-1utcontr.exe - c:\program files\User Time Control Center\utcontr.exe
AddRemove-Elf Bowling 6 Air Biscuits 1.0 - c:\program files\Nstorm\EB6 - Air Biscuits\Elf Bowling 6 Air Biscuits 1.0\Uninstall.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-RealArcade 1.2 - c:\program files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 13:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-12-07 13:48
ComboFix-quarantined-files.txt 2009-12-07 13:46

Pre-Run: 3,782,635,520 bytes free
Post-Run: 3,986,665,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C5003F432EFD4AB9A31F4CADA804DAB7

Thank you!


Report •

#8
December 7, 2009 at 17:56:02
Are you still being redirected?


Report •

#9
December 7, 2009 at 18:31:56
No, it's not! Does that mean it's cured?

And I can fix the other computer I did this to?!

And if so, thank you very much for your help!


Report •

#10
December 7, 2009 at 19:13:07
Does that mean it's cured? Yes


And I can fix the other computer I did this to?! I suggest that start a post to repair the other computer.

A little clean-up to do.

Delete RSIT, GMER and any Win32kDiag files from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.


Report •


Ask Question