
Inactive [InActive] Rootkit/bot infections, logs attached

Discussion in 'Malware and Virus Removal Archive' started by geochem, 2008/11/10.

  1. 2008/11/10
    geochem

    geochem Inactive Thread Starter

    Below please find the two log files. <Nice new tool! HJT no longer works much when I download it and install it.>
    I also have a zipfile of the NOD32 SysInspector which does show some relevant info, but I don't know if you want that. I could also post that text
    if it might help. Likely, zipfiles would be infected.

    Many computers have been infected with this "virus/bot/worm". It is memory resident. Reinstallations of the OS, CMOS and BIOS reset have not been effective (although I am not sure they were done in the correct manner; the tech was at least trying, but he put the HD back in before he flashed the BIOS). I have had this since at least Aug and have tried all sorts of removal tools/AVs/and pro help, to little avail. The original infection was not found, just adware and other trash that was left around by it. Malwarebytes will not run on this machine; no rootkit finders will run if downloaded. I may be able to get them to run via USB. It does not have an installed CD drive, but I have an external one, currently uninstalled. This malware likely hangs on the Windows installer, since it is probably similar to or the same as the malware which infected my other computers.
    Maybe someone here has some idea. By the process of elimination, I now know that my gmail is linked to some bot(?) <That email is now forwarded to a different account whose page is not being hijacked.>
    This computer was infected simply by accessing the gmail page to get the link to install the Sophos antivirus. McAfee was functional at that time.
    This is an Acer with Windows XP Home. Sophos no longer functions, the mouse is crazy, and safe mode, while apparently functional through F8, does not really act like safe mode. Oh, and the cursor often turns into the Google Desktop <which was uninstalled, at least I tried> cursor, but greyed out.
    Thank you
    Patty

    info.txt logfile of random's system information tool 1.04 2008-11-10 13:55:13

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe -runfromtemp -l0x0009 -removeonly
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Foundstone SiteDigger 2.0-->MsiExec.exe /I{676A2C59-FADA-4931-87D8-8DADF0CE1CFA}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
    Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
    Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D}
    Sophos Client Firewall-->MsiExec.exe /X{17071117-5BB2-4737-B05B-C5FABD367313}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Vision-->C:\WINDOWS\uninst.exe -f "C:\Program Files\Foundstone\Vision\DeIsL1.isu" -c "C:\Program Files\Foundstone\Vision\_ISREG32.DLL"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"


    ======Security center information======

    AV: Sophos Anti-Virus (disabled)
    FW: Sophos Client Firewall (disabled)

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=1c02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by P at 2008-11-10 13:55:07
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 142 GB (96%) free of 148 GB
    Total RAM: 1012 MB (73% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:55:11 PM, on 11/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\DOCUME~1\P\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Documents and Settings\P\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\P.exe

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SCFTrayStartUp] C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: Sophos Client Firewall - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
    O23 - Service: Sophos Client Firewall Manager - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe

    --
    End of file - 2212 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-27 141848]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-27 137752]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-15 16862720]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1044480]
    "SCFTrayStartUp"=C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe [2007-04-03 224312]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall Manager]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 3 months======

    2008-11-10 13:55:07 ----D---- C:\rsit
    2008-11-09 06:23:58 ----SHD---- C:\Config.Msi
    2008-11-09 04:11:36 ----D---- C:\Program Files\Foundstone Free Tools
    2008-11-09 02:30:11 ----N---- C:\WINDOWS\SchedLgU.Txt
    2008-11-08 21:49:04 ----D---- C:\WINDOWS\system32\LogFiles
    2008-11-06 20:53:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-06 19:30:47 ----D---- C:\Documents and Settings\P\Application Data\Help
    2008-11-06 19:29:15 ----A---- C:\WINDOWS\uninst.exe
    2008-11-06 19:05:19 ----D---- C:\WINDOWS\system32\logs
    2008-11-06 18:48:11 ----D---- C:\Program Files\Yahoo!
    2008-11-06 18:48:05 ----D---- C:\Program Files\CCleaner
    2008-11-02 02:11:01 ----D---- C:\Documents and Settings\P\Application Data\Google
    2008-11-02 01:53:19 ----SHD---- C:\RECYCLER
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\Uninstall_eRecovery.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\ERUpdateHidden.EXE
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\CloseProcessWindow.dll
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\ClearEvent.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\CheckD2DSystem.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\Acer EULA.txt
    2008-11-02 01:39:24 ----A---- C:\WINDOWS\xUninstall.bat
    2008-11-02 01:39:22 ----D---- C:\WINDOWS\JMCR_DIR
    2008-11-02 01:39:22 ----A---- C:\WINDOWS\system32\JmCrIcon.dll
    2008-11-02 01:37:03 ----D---- C:\Program Files\Common Files\SNP2UVC
    2008-11-02 01:37:02 ----D---- C:\WINDOWS\SUYIN NB Cam
    2008-11-02 01:36:29 ----A---- C:\WINDOWS\system32\acer.exe
    2008-11-02 01:36:15 ----D---- C:\Program Files\Acer Incorporated
    2008-11-02 01:36:14 ----D---- C:\WINDOWS\ACER
    2008-11-02 01:35:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-11-02 01:34:16 ----D---- C:\Program Files\Google
    2008-11-02 01:33:20 ----D---- C:\Program Files\Launch Manager
    2008-11-02 01:27:09 ----ASH---- C:\Documents and Settings\P\Application Data\desktop.ini
    2008-11-02 01:27:07 ----SD---- C:\Documents and Settings\P\Application Data\Microsoft
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Macromedia
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\InstallShield
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Identities
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Adobe
    2008-11-02 01:21:41 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-11-01 16:25:56 ----D---- C:\Program Files\Microsoft Works
    2008-11-01 14:23:30 ----HD---- C:\WINDOWS\PIF
    2008-11-01 14:06:01 ----D---- C:\Documents and Settings\P\Application Data\Malwarebytes
    2008-11-01 14:05:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-01 14:05:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-01 14:04:34 ----A---- C:\WINDOWS\system32\SAVRKBootTasks.txt
    2008-11-01 13:30:55 ----A---- C:\WINDOWS\ODBC.INI
    2008-11-01 13:28:36 ----D---- C:\Program Files\Common Files\Sophos
    2008-11-01 13:27:54 ----A---- C:\WINDOWS\system32\sdccoinstaller.dll
    2008-11-01 13:27:25 ----D---- C:\Program Files\Common Files\Cisco Systems
    2008-11-01 13:27:13 ----A---- C:\WINDOWS\system32\SophosBootTasks.exe
    2008-11-01 13:27:01 ----D---- C:\Program Files\Sophos
    2008-11-01 13:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
    2008-11-01 13:19:06 ----D---- C:\escwsa
    2008-11-01 13:15:18 ----D---- C:\Program Files\Trend Micro
    2008-11-01 12:40:51 ----D---- C:\Documents and Settings\P\Application Data\Mozilla
    2008-11-01 12:40:40 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-01 12:24:59 ----D---- C:\Documents and Settings\P\Application Data\VSRevoGroup
    2008-11-01 12:04:00 ----D---- C:\Program Files\VS Revo Group
    2008-09-29 03:51:33 ----AD---- C:\WINDOWS\AcerStore
    2008-08-15 12:42:54 ----AD---- C:\I386
    2008-08-15 12:42:52 ----D---- C:\WINDOWS\Temp
    2008-08-15 12:42:52 ----D---- C:\WINDOWS
    2008-08-15 12:42:52 ----AD---- C:\Sysinfo
    2008-08-15 12:37:44 ----D---- C:\WINDOWS\system32\config
    2008-08-15 12:37:42 ----RASH---- C:\boot.ini
    2008-08-15 12:37:42 ----A---- C:\WINDOWS\smscfg.ini
    2008-08-15 12:37:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-08-15 12:37:36 ----AD---- C:\WINDOWS\system32
    2008-08-15 12:37:30 ----AD---- C:\WINDOWS\system32\drivers
    2008-08-15 12:19:48 ----D---- C:\WINDOWS\system32\Restore
    2008-08-15 12:14:46 ----AD---- C:\WINDOWS\system32\oobe
    2008-08-15 12:11:28 ----D---- C:\WINDOWS\Prefetch
    2008-08-15 11:59:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-15 11:55:42 ----HD---- C:\WINDOWS\inf
    2008-08-15 11:55:42 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-08-15 10:22:10 ----SHD---- C:\WINDOWS\Installer
    2008-08-15 10:22:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-15 10:21:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-08-15 10:21:02 ----D---- C:\WINDOWS\WinSxS
    2008-08-15 10:18:48 ----RD---- C:\Program Files
    2008-08-15 10:18:48 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
    2008-08-15 10:18:30 ----RSD---- C:\WINDOWS\Fonts
    2008-08-15 10:18:26 ----D---- C:\Program Files\Microsoft Office
    2008-08-15 10:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-08-15 10:16:06 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-08-15 10:16:06 ----D---- C:\Program Files\Common Files
    2008-08-15 10:15:50 ----D---- C:\WINDOWS\pchealth
    2008-08-15 10:15:50 ----D---- C:\Program Files\Microsoft.NET
    2008-08-15 10:14:44 ----D---- C:\WINDOWS\SHELLNEW
    2008-08-15 10:13:48 ----RHD---- C:\MSOCache
    2008-08-15 10:12:24 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-15 10:12:24 ----D---- C:\Program Files\InterVideo
    2008-08-15 10:07:22 ----SD---- C:\WINDOWS\Tasks
    2008-08-15 10:05:34 ----D---- C:\WINDOWS\Help
    2008-08-15 10:03:54 ----D---- C:\Program Files\Adobe
    2008-08-15 10:03:40 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-08-15 10:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-08-15 10:03:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-08-15 10:00:28 ----D---- C:\Program Files\Atheros
    2008-08-15 10:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
    2008-08-15 09:59:32 ----D---- C:\WINDOWS\OPTIONS
    2008-08-15 09:59:32 ----D---- C:\Program Files\Realtek
    2008-08-15 09:58:40 ----D---- C:\Program Files\Synaptics
    2008-08-15 09:58:38 ----D---- C:\Program Files\Common Files\InstallShield
    2008-08-15 09:57:04 ----D---- C:\WINDOWS\system32\RTCOM
    2008-08-15 09:56:16 ----A---- C:\WINDOWS\HideWin.exe
    2008-08-15 09:54:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-15 09:54:48 ----D---- C:\WINDOWS\system32\Lang
    2008-08-15 09:53:20 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-15 09:51:28 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 09:50:08 ----D---- C:\WINDOWS\WBEM
    2008-08-15 09:50:08 ----D---- C:\WINDOWS\system32\en-US
    2008-08-15 09:50:04 ----D---- C:\WINDOWS\Media
    2008-08-15 09:49:54 ----HDC---- C:\WINDOWS\ie7
    2008-08-15 09:48:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-08-15 09:48:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-08-15 09:45:58 ----D---- C:\WINDOWS\Registration
    2008-08-15 09:45:52 ----RSD---- C:\WINDOWS\assembly
    2008-08-15 09:44:38 ----D---- C:\WINDOWS\system32\URTTemp
    2008-08-15 09:44:12 ----D---- C:\WINDOWS\system32\mui
    2008-08-15 09:44:04 ----D---- C:\WINDOWS\Microsoft.NET
    2008-08-15 09:43:32 ----HD---- C:\Program Files\Uninstall Information
    2008-08-15 09:41:32 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-08-15 09:41:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-15 09:41:06 ----D---- C:\Program Files\Intel
    2008-08-15 09:40:58 ----D---- C:\Intel
    2008-08-15 09:40:52 ----D---- C:\Documents and Settings
    2008-08-15 09:40:44 ----SHD---- C:\System Volume Information
    2008-08-15 09:40:42 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\system32\xircom
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\system32\wbem
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\security
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\ime
    2008-08-15 09:37:54 ----D---- C:\Program Files\xerox
    2008-08-15 09:37:54 ----D---- C:\Program Files\microsoft frontpage
    2008-08-15 09:37:44 ----A---- C:\WINDOWS\control.ini
    2008-08-15 09:37:44 ----A---- C:\AUTOEXEC.BAT
    2008-08-15 09:37:42 ----D---- C:\Program Files\Windows Media Player
    2008-08-15 09:37:42 ----A---- C:\WINDOWS\win.ini
    2008-08-15 09:37:26 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-08-15 09:37:08 ----D---- C:\WINDOWS\system32\ias
    2008-08-15 09:36:30 ----RD---- C:\WINDOWS\Web
    2008-08-15 09:36:26 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-08-15 09:36:26 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-08-15 09:36:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-08-15 09:36:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-08-15 09:36:12 ----HD---- C:\Program Files\WindowsUpdate
    2008-08-15 09:35:58 ----D---- C:\WINDOWS\srchasst
    2008-08-15 09:35:56 ----D---- C:\WINDOWS\system32\DirectX
    2008-08-15 09:35:54 ----D---- C:\Program Files\NetMeeting
    2008-08-15 09:35:54 ----D---- C:\Program Files\Common Files\Services
    2008-08-15 09:35:52 ----D---- C:\Program Files\Outlook Express
    2008-08-15 09:35:52 ----D---- C:\Program Files\Common Files\MSSoap
    2008-08-15 09:35:50 ----D---- C:\WINDOWS\system32\Macromed
    2008-08-15 09:35:50 ----D---- C:\Program Files\Movie Maker
    2008-08-15 09:35:40 ----D---- C:\Program Files\Common Files\System
    2008-08-15 09:35:36 ----D---- C:\WINDOWS\system32\Com
    2008-08-15 09:35:26 ----D---- C:\Program Files\ComPlus Applications
    2008-08-15 09:35:22 ----A---- C:\WINDOWS\vbaddin.ini
    2008-08-15 09:35:22 ----A---- C:\WINDOWS\vb.ini
    2008-08-15 09:35:16 ----D---- C:\WINDOWS\system32\MsDtc
    2008-08-15 09:34:38 ----D---- C:\Program Files\Online Services
    2008-08-15 09:34:36 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-08-15 09:34:36 ----A---- C:\WINDOWS\T30DebugLogFile.txt
    2008-08-15 09:34:30 ----D---- C:\Program Files\Messenger
    2008-08-15 09:34:28 ----D---- C:\Program Files\MSN Gaming Zone
    2008-08-15 09:34:26 ----D---- C:\WINDOWS\Cursors
    2008-08-15 09:34:24 ----D---- C:\Program Files\Windows NT
    2008-08-15 09:34:22 ----D---- C:\WINDOWS\addins
    2008-08-15 09:34:18 ----D---- C:\Program Files\MSN
    2008-08-15 09:33:42 ----D---- C:\WINDOWS\system32\spool
    2008-08-15 09:23:00 ----AD---- C:\Book
    2008-08-15 09:22:54 ----D---- C:\Acer
    2008-08-15 09:19:02 ----AD---- C:\VALUEADD
    2008-08-15 02:33:16 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-08-15 02:31:46 ----D---- C:\WINDOWS\WLAN
    2008-08-15 02:31:46 ----D---- C:\WINDOWS\Camera
    2008-08-15 02:30:46 ----D---- C:\Program Files\Common Files\ODBC
    2008-08-15 02:30:44 ----D---- C:\Program Files\Common Files\SpeechEngines
    2008-08-15 02:30:44 ----A---- C:\WINDOWS\system.ini
    2008-08-15 02:30:24 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-08-15 02:30:14 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-15 02:29:58 ----D---- C:\WINDOWS\Debug
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\usmt
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\scripting
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\en
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\Network Diagnostic
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\L2Schemas
    2008-08-15 02:29:12 ----D---- C:\WINDOWS\system32\Setup
    2008-08-15 02:29:06 ----D---- C:\WINDOWS\AppPatch
    2008-08-15 02:29:00 ----D---- C:\WINDOWS\PeerNet
    2008-08-15 02:28:52 ----D---- C:\WINDOWS\system32\npp
    2008-08-15 02:28:48 ----D---- C:\WINDOWS\msagent
    2008-08-15 02:26:08 ----D---- C:\WINDOWS\twain_32
    2008-08-15 02:25:46 ----D---- C:\WINDOWS\system32\ras
    2008-08-15 02:25:14 ----D---- C:\WINDOWS\system32\icsxml
    2008-08-15 02:24:58 ----D---- C:\WINDOWS\system32\1033
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\wins
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\ShellExt
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\IME
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\export
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\dhcp
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\3076
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\2052
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1054
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1042
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1041
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1037
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1031
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1028
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1025
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Resources
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\repair
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Provisioning
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\mui
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\msapps
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\java
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Driver Cache
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Connection Wizard
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Config

    ======List of files/folders modified in the last 3 months======

    2008-11-02 01:44:35 ----A---- C:\WINDOWS\ALaunch.ini
    2008-11-01 14:32:14 ----A---- C:\WINDOWS\PLFSetL.exe
    2008-09-29 03:51:37 ----A---- C:\WINDOWS\HotFix2.bat
    2008-09-29 03:51:37 ----A---- C:\WINDOWS\HotFix.bat
    2008-09-29 03:49:50 ----AD---- C:\WINDOWS\system
    2008-09-05 03:14:44 ----A---- C:\WINDOWS\CLEANUP.CMD

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-07-18 104704]
    R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-07-18 35584]
    R1 scfdriver;SCF Kernel Driver; \??\C:\WINDOWS\system32\Drivers\scfdriver.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-14 5854752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-30 108800]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-09-22 69632]
    R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-06-26 172032]
    R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [2007-04-03 109624]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
    S2 Sophos Client Firewall;Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [2007-04-03 93240]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
     
  2. 2008/11/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Patty :)

    Let's have a look at what drivers are being loaded at startup, since you report rootkit tools will not run.

    Search for and delete c:\windows\ntbtlog.txt if it exists.
    Restart the computer and begin tapping the F8 key on startup to enable the Advanced Start Menu.
    Select Enable Boot Logging from the list.
    Once you've logged on, navigate to and open the c:\windows\ntbtlog.txt file, then post its contents here.
     
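    Two small parsers for the log formats in this thread, added here as an example; this is not a tool from the thread, from RSIT, or from HijackThis. The first reads the ntbtlog.txt that Enable Boot Logging writes and separates loaded from not-loaded drivers, listing images registered with an absolute `\??\` ImagePath (where third-party drivers usually show up) and images loaded more than once. The second reads RSIT driver/service lines and lists entries with empty `[]` metadata or a driver image without a .sys/.exe extension. The sample lines are constructed to mirror the thread's logs; both lists are things to inspect by hand, not verdicts, and legitimate security products (the Sophos entries here) trip them too.

```python
import re
from collections import Counter

# --- ntbtlog.txt: what "Enable Boot Logging" writes ------------------------
# After a one-line header, every line reads either "Loaded driver <image>"
# or "Did not load driver <image>", in the order the kernel processed them.
NTBTLOG_LINE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")

# Constructed sample in the shape of the thread's boot log (not the real file).
SAMPLE_NTBTLOG = r"""Service Pack 3 11 12 2008 10:13:37.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\scfdriver.sys
Did not load driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""


def parse_ntbtlog(text):
    """Return (loaded, image) pairs; the header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = NTBTLOG_LINE.match(raw.strip())
        if m:
            entries.append((m.group(1) == "Loaded driver", m.group(2)))
    return entries


def summarize_ntbtlog(text):
    """Counts plus the two lists a reviewer reads first: images registered with
    an absolute \\??\\ ImagePath (how most third-party drivers appear) and
    images the kernel loaded more than once during the boot."""
    entries = parse_ntbtlog(text)
    loaded = Counter(img for ok, img in entries if ok)
    return {
        "loaded": sum(loaded.values()),
        "not_loaded": sorted({img for ok, img in entries if not ok}),
        "absolute_image_path": sorted(i for i in loaded if i.startswith("\\??\\")),
        "loaded_more_than_once": sorted(i for i, n in loaded.items() if n > 1),
    }


# --- RSIT driver/service lines -----------------------------------------------
#   <R|S><start type> <name>;<description>; <image path> [<date> <size>]
# RSIT leaves the brackets empty when it could not stat the image on disk.
RSIT_LINE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")

# Constructed sample mirroring lines posted in the thread (not the real log).
SAMPLE_RSIT = r"""R1 scfdriver;SCF Kernel Driver; \??\C:\WINDOWS\system32\Drivers\scfdriver.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
"""


def parse_rsit(text):
    """Parse RSIT driver/service lines into dicts; date and size are None
    when the bracket was empty."""
    rows = []
    for raw in text.splitlines():
        m = RSIT_LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, desc, path, meta = m.groups()
        parts = meta.split()
        rows.append({
            "running": state == "R",
            "start_type": int(start),  # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
            "name": name.strip(),
            "description": desc.strip(),
            "path": path,
            "date": parts[0] if parts else None,
            "size": int(parts[1]) if len(parts) > 1 else None,
        })
    return rows


def rsit_review_list(text):
    """Names worth checking by hand: no on-disk metadata, or a driver image
    whose extension is not .sys/.exe. Heuristics, not verdicts."""
    return [r["name"] for r in parse_rsit(text)
            if r["date"] is None or not r["path"].lower().endswith((".sys", ".exe"))]


if __name__ == "__main__":
    for key, value in summarize_ntbtlog(SAMPLE_NTBTLOG).items():
        print(f"{key}: {value}")
    print("RSIT entries to review:", rsit_review_list(SAMPLE_RSIT))
```

    Feed the real files in with `summarize_ntbtlog(open(r"C:\WINDOWS\ntbtlog.txt").read())`; the "Did not load" list is normal for absent hardware (floppy, CD-ROM, serial), so the absolute-path and duplicate lists are where to spend the reading time.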

  4. 2008/11/12
    geochem

    geochem Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    4
    Likes Received:
    0
    Geez, thanks for your very prompt reply! I really appreciate your efforts.
    Below is the new startup file as per your instructions. I turned on all the startups that I had formerly turned off via Revo Uninstaller. In light of possible changes, I also posted new log and info txts. I deleted the previous version of the program and files and then downloaded and ran the program again. <Additionally, I installed iTunes last night, since I had to get a book, so those changes are shown. Sorry, I had no idea I would actually get a response; that has not happened for weeks in the other forums I have used.>
    Thanks thanks thanks!!


    Service Pack 311 12 2008 10:13:37.375
    Loaded driver \WINDOWS\system32\ntoskrnl.exe
    Loaded driver \WINDOWS\system32\hal.dll
    Loaded driver \WINDOWS\system32\KDCOM.DLL
    Loaded driver \WINDOWS\system32\BOOTVID.dll
    Loaded driver ACPI.sys
    Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver compbatt.sys
    Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
    Loaded driver pciide.sys
    Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver aliide.sys
    Loaded driver cmdide.sys
    Loaded driver toside.sys
    Loaded driver viaide.sys
    Loaded driver intelide.sys
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver ACPIEC.sys
    Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    Loaded driver PartMgr.sys
    Loaded driver VolSnap.sys
    Loaded driver cpqarray.sys
    Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    Loaded driver atapi.sys
    Loaded driver aha154x.sys
    Loaded driver sparrow.sys
    Loaded driver symc810.sys
    Loaded driver aic78xx.sys
    Loaded driver dac960nt.sys
    Loaded driver ql10wnt.sys
    Loaded driver amsint.sys
    Loaded driver asc.sys
    Loaded driver asc3550.sys
    Loaded driver mraid35x.sys
    Loaded driver i2omp.sys
    Loaded driver ini910u.sys
    Loaded driver ql1240.sys
    Loaded driver aic78u2.sys
    Loaded driver symc8xx.sys
    Loaded driver sym_hi.sys
    Loaded driver sym_u3.sys
    Loaded driver ABP480N5.SYS
    Loaded driver asc3350p.sys
    Loaded driver cd20xrnt.sys
    Loaded driver ultra.sys
    Loaded driver adpu160m.sys
    Loaded driver dpti2o.sys
    Loaded driver ql1080.sys
    Loaded driver ql1280.sys
    Loaded driver ql12160.sys
    Loaded driver perc2.sys
    Loaded driver perc2hib.sys
    Loaded driver hpn.sys
    Loaded driver cbidf2k.sys
    Loaded driver dac2w2k.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltMgr.sys
    Loaded driver KSecDD.sys
    Loaded driver Ntfs.sys
    Loaded driver NDIS.sys
    Loaded driver sisagp.sys
    Loaded driver viaagp.sys
    Loaded driver Mup.sys
    Loaded driver alim1541.sys
    Loaded driver amdagp.sys
    Loaded driver agp440.sys
    Loaded driver agpCPQ.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\igxpmp32.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\athw.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
    Loaded driver \SystemRoot\system32\DRIVERS\DKbFltr.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wmiacpi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\update.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
    Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\snp2uvc.sys
    Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
    Did not load driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\savonaccessfilter.sys
    Loaded driver \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    Loaded driver \??\C:\WINDOWS\system32\Drivers\scfdriver.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\System32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Did not load driver \SystemRoot\system32\DRIVERS\redbook.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Did not load driver \SystemRoot\system32\DRIVERS\imapi.sys
    Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
    Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
    Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
    Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
    Loaded driver \SystemRoot\system32\drivers\splitter.sys
    Loaded driver \SystemRoot\system32\drivers\aec.sys
    Loaded driver \SystemRoot\system32\drivers\swmidi.sys
    Loaded driver \SystemRoot\system32\drivers\DMusic.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
    Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
    Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
    Loaded driver \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys

    the new logfile
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by P at 2008-11-12 10:25:01
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 141 GB (95%) free of 148 GB
    Total RAM: 1012 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:25:04 AM, on 11/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\P\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\P.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SCFTrayStartUp] C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
    O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: Sophos Client Firewall - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
    O23 - Service: Sophos Client Firewall Manager - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe

    --
    End of file - 4147 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-27 141848]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-27 137752]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1044480]
    "SCFTrayStartUp"=C:\Program Files\Sophos\Sophos Client Firewall\SCFTray.exe [2007-04-03 224312]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "PLFSetL"=C:\WINDOWS\PLFSetL.exe [2008-11-01 94208]
    "snp2uvc"=C:\WINDOWS\vsnp2uvc.exe []
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-27 166424]
    "AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "LaunchApp"=Alaunch []
    "eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2008-05-22 425984]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2008-05-15 16862720]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall Manager]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 3 months======

    2008-11-12 10:25:01 ----D---- C:\rsit
    2008-11-12 10:14:00 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-11 17:23:24 ----D---- C:\Documents and Settings\P\Application Data\Apple Computer
    2008-11-11 17:23:18 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-11-11 17:23:07 ----D---- C:\Program Files\iPod
    2008-11-11 17:23:06 ----D---- C:\Program Files\iTunes
    2008-11-11 17:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-11 17:22:56 ----D---- C:\Program Files\Bonjour
    2008-11-11 17:22:33 ----D---- C:\Program Files\QuickTime
    2008-11-11 17:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-11-11 17:22:16 ----D---- C:\Program Files\Apple Software Update
    2008-11-11 17:22:00 ----D---- C:\Program Files\Common Files\Apple
    2008-11-11 17:21:59 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-11-11 16:03:50 ----D---- C:\Program Files\Audible
    2008-11-09 04:11:36 ----D---- C:\Program Files\Foundstone Free Tools
    2008-11-09 02:30:11 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-08 21:49:04 ----D---- C:\WINDOWS\system32\LogFiles
    2008-11-06 20:53:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-06 19:30:47 ----D---- C:\Documents and Settings\P\Application Data\Help
    2008-11-06 19:29:15 ----A---- C:\WINDOWS\uninst.exe
    2008-11-06 19:05:19 ----D---- C:\WINDOWS\system32\logs
    2008-11-06 18:48:11 ----D---- C:\Program Files\Yahoo!
    2008-11-06 18:48:05 ----D---- C:\Program Files\CCleaner
    2008-11-02 02:11:01 ----D---- C:\Documents and Settings\P\Application Data\Google
    2008-11-02 01:53:19 ----SHD---- C:\RECYCLER
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\Uninstall_eRecovery.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\ERUpdateHidden.EXE
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\CloseProcessWindow.dll
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\ClearEvent.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\CheckD2DSystem.exe
    2008-11-02 01:41:09 ----A---- C:\WINDOWS\system32\Acer EULA.txt
    2008-11-02 01:39:24 ----A---- C:\WINDOWS\xUninstall.bat
    2008-11-02 01:39:22 ----D---- C:\WINDOWS\JMCR_DIR
    2008-11-02 01:39:22 ----A---- C:\WINDOWS\system32\JmCrIcon.dll
    2008-11-02 01:37:03 ----D---- C:\Program Files\Common Files\SNP2UVC
    2008-11-02 01:37:02 ----D---- C:\WINDOWS\SUYIN NB Cam
    2008-11-02 01:36:29 ----A---- C:\WINDOWS\system32\acer.exe
    2008-11-02 01:36:15 ----D---- C:\Program Files\Acer Incorporated
    2008-11-02 01:36:14 ----D---- C:\WINDOWS\ACER
    2008-11-02 01:35:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-11-02 01:34:16 ----D---- C:\Program Files\Google
    2008-11-02 01:33:20 ----D---- C:\Program Files\Launch Manager
    2008-11-02 01:27:09 ----ASH---- C:\Documents and Settings\P\Application Data\desktop.ini
    2008-11-02 01:27:07 ----SD---- C:\Documents and Settings\P\Application Data\Microsoft
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Macromedia
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\InstallShield
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Identities
    2008-11-02 01:27:07 ----D---- C:\Documents and Settings\P\Application Data\Adobe
    2008-11-02 01:21:41 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-11-01 16:25:56 ----D---- C:\Program Files\Microsoft Works
    2008-11-01 14:23:30 ----HD---- C:\WINDOWS\PIF
    2008-11-01 14:06:01 ----D---- C:\Documents and Settings\P\Application Data\Malwarebytes
    2008-11-01 14:05:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-01 14:05:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-01 14:04:34 ----A---- C:\WINDOWS\system32\SAVRKBootTasks.txt
    2008-11-01 13:30:55 ----A---- C:\WINDOWS\ODBC.INI
    2008-11-01 13:28:36 ----D---- C:\Program Files\Common Files\Sophos
    2008-11-01 13:27:54 ----A---- C:\WINDOWS\system32\sdccoinstaller.dll
    2008-11-01 13:27:25 ----D---- C:\Program Files\Common Files\Cisco Systems
    2008-11-01 13:27:13 ----A---- C:\WINDOWS\system32\SophosBootTasks.exe
    2008-11-01 13:27:01 ----D---- C:\Program Files\Sophos
    2008-11-01 13:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\Sophos
    2008-11-01 13:19:06 ----D---- C:\escwsa
    2008-11-01 13:15:18 ----D---- C:\Program Files\Trend Micro
    2008-11-01 12:40:51 ----D---- C:\Documents and Settings\P\Application Data\Mozilla
    2008-11-01 12:40:40 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-01 12:24:59 ----D---- C:\Documents and Settings\P\Application Data\VSRevoGroup
    2008-11-01 12:04:00 ----D---- C:\Program Files\VS Revo Group
    2008-09-29 03:51:33 ----AD---- C:\WINDOWS\AcerStore
    2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
    2008-08-15 12:42:54 ----AD---- C:\I386
    2008-08-15 12:42:52 ----D---- C:\WINDOWS\Temp
    2008-08-15 12:42:52 ----D---- C:\WINDOWS
    2008-08-15 12:42:52 ----AD---- C:\Sysinfo
    2008-08-15 12:37:44 ----D---- C:\WINDOWS\system32\config
    2008-08-15 12:37:42 ----RASH---- C:\boot.ini
    2008-08-15 12:37:42 ----A---- C:\WINDOWS\smscfg.ini
    2008-08-15 12:37:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-08-15 12:37:36 ----AD---- C:\WINDOWS\system32
    2008-08-15 12:37:30 ----AD---- C:\WINDOWS\system32\drivers
    2008-08-15 12:19:48 ----D---- C:\WINDOWS\system32\Restore
    2008-08-15 12:14:46 ----AD---- C:\WINDOWS\system32\oobe
    2008-08-15 12:11:28 ----D---- C:\WINDOWS\Prefetch
    2008-08-15 11:59:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-08-15 11:55:42 ----HD---- C:\WINDOWS\inf
    2008-08-15 11:55:42 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-08-15 10:22:10 ----SHD---- C:\WINDOWS\Installer
    2008-08-15 10:22:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-15 10:21:04 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-08-15 10:21:02 ----D---- C:\WINDOWS\WinSxS
    2008-08-15 10:18:48 ----RD---- C:\Program Files
    2008-08-15 10:18:48 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
    2008-08-15 10:18:30 ----RSD---- C:\WINDOWS\Fonts
    2008-08-15 10:18:26 ----D---- C:\Program Files\Microsoft Office
    2008-08-15 10:18:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-08-15 10:16:06 ----D---- C:\Program Files\Common Files\DESIGNER
    2008-08-15 10:16:06 ----D---- C:\Program Files\Common Files
    2008-08-15 10:15:50 ----D---- C:\WINDOWS\pchealth
    2008-08-15 10:15:50 ----D---- C:\Program Files\Microsoft.NET
    2008-08-15 10:14:44 ----D---- C:\WINDOWS\SHELLNEW
    2008-08-15 10:13:48 ----RHD---- C:\MSOCache
    2008-08-15 10:12:24 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-08-15 10:12:24 ----D---- C:\Program Files\InterVideo
    2008-08-15 10:07:22 ----SD---- C:\WINDOWS\Tasks
    2008-08-15 10:05:34 ----D---- C:\WINDOWS\Help
    2008-08-15 10:03:54 ----D---- C:\Program Files\Adobe
    2008-08-15 10:03:40 ----D---- C:\Program Files\Common Files\Adobe AIR
    2008-08-15 10:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-08-15 10:03:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-08-15 10:00:28 ----D---- C:\Program Files\Atheros
    2008-08-15 10:00:20 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
    2008-08-15 09:59:32 ----D---- C:\WINDOWS\OPTIONS
    2008-08-15 09:59:32 ----D---- C:\Program Files\Realtek
    2008-08-15 09:58:40 ----D---- C:\Program Files\Synaptics
    2008-08-15 09:58:38 ----D---- C:\Program Files\Common Files\InstallShield
    2008-08-15 09:57:04 ----D---- C:\WINDOWS\system32\RTCOM
    2008-08-15 09:56:16 ----A---- C:\WINDOWS\HideWin.exe
    2008-08-15 09:54:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-08-15 09:54:48 ----D---- C:\WINDOWS\system32\Lang
    2008-08-15 09:53:20 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-15 09:51:28 ----D---- C:\Program Files\Internet Explorer
    2008-08-15 09:50:08 ----D---- C:\WINDOWS\WBEM
    2008-08-15 09:50:08 ----D---- C:\WINDOWS\system32\en-US
    2008-08-15 09:50:04 ----D---- C:\WINDOWS\Media
    2008-08-15 09:49:54 ----HDC---- C:\WINDOWS\ie7
    2008-08-15 09:48:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-08-15 09:48:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-08-15 09:45:58 ----D---- C:\WINDOWS\Registration
    2008-08-15 09:45:52 ----RSD---- C:\WINDOWS\assembly
    2008-08-15 09:44:38 ----D---- C:\WINDOWS\system32\URTTemp
    2008-08-15 09:44:12 ----D---- C:\WINDOWS\system32\mui
    2008-08-15 09:44:04 ----D---- C:\WINDOWS\Microsoft.NET
    2008-08-15 09:43:32 ----HD---- C:\Program Files\Uninstall Information
    2008-08-15 09:41:32 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-08-15 09:41:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-08-15 09:41:06 ----D---- C:\Program Files\Intel
    2008-08-15 09:40:58 ----D---- C:\Intel
    2008-08-15 09:40:52 ----D---- C:\Documents and Settings
    2008-08-15 09:40:44 ----SHD---- C:\System Volume Information
    2008-08-15 09:40:42 ----SD---- C:\WINDOWS\system32\Microsoft
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\system32\xircom
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\system32\wbem
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\security
    2008-08-15 09:37:54 ----D---- C:\WINDOWS\ime
    2008-08-15 09:37:54 ----D---- C:\Program Files\xerox
    2008-08-15 09:37:54 ----D---- C:\Program Files\microsoft frontpage
    2008-08-15 09:37:44 ----A---- C:\WINDOWS\control.ini
    2008-08-15 09:37:44 ----A---- C:\AUTOEXEC.BAT
    2008-08-15 09:37:42 ----D---- C:\Program Files\Windows Media Player
    2008-08-15 09:37:42 ----A---- C:\WINDOWS\win.ini
    2008-08-15 09:37:26 ----A---- C:\WINDOWS\ODBCINST.INI
    2008-08-15 09:37:08 ----D---- C:\WINDOWS\system32\ias
    2008-08-15 09:36:30 ----RD---- C:\WINDOWS\Web
    2008-08-15 09:36:26 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-08-15 09:36:26 ----RD---- C:\WINDOWS\Offline Web Pages
    2008-08-15 09:36:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
    2008-08-15 09:36:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
    2008-08-15 09:36:12 ----HD---- C:\Program Files\WindowsUpdate
    2008-08-15 09:35:58 ----D---- C:\WINDOWS\srchasst
    2008-08-15 09:35:56 ----D---- C:\WINDOWS\system32\DirectX
    2008-08-15 09:35:54 ----D---- C:\Program Files\NetMeeting
    2008-08-15 09:35:54 ----D---- C:\Program Files\Common Files\Services
    2008-08-15 09:35:52 ----D---- C:\Program Files\Outlook Express
    2008-08-15 09:35:52 ----D---- C:\Program Files\Common Files\MSSoap
    2008-08-15 09:35:50 ----D---- C:\WINDOWS\system32\Macromed
    2008-08-15 09:35:50 ----D---- C:\Program Files\Movie Maker
    2008-08-15 09:35:40 ----D---- C:\Program Files\Common Files\System
    2008-08-15 09:35:36 ----D---- C:\WINDOWS\system32\Com
    2008-08-15 09:35:26 ----D---- C:\Program Files\ComPlus Applications
    2008-08-15 09:35:22 ----A---- C:\WINDOWS\vbaddin.ini
    2008-08-15 09:35:22 ----A---- C:\WINDOWS\vb.ini
    2008-08-15 09:35:16 ----D---- C:\WINDOWS\system32\MsDtc
    2008-08-15 09:34:38 ----D---- C:\Program Files\Online Services
    2008-08-15 09:34:36 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-08-15 09:34:36 ----A---- C:\WINDOWS\T30DebugLogFile.txt
    2008-08-15 09:34:30 ----D---- C:\Program Files\Messenger
    2008-08-15 09:34:28 ----D---- C:\Program Files\MSN Gaming Zone
    2008-08-15 09:34:26 ----D---- C:\WINDOWS\Cursors
    2008-08-15 09:34:24 ----D---- C:\Program Files\Windows NT
    2008-08-15 09:34:22 ----D---- C:\WINDOWS\addins
    2008-08-15 09:34:18 ----D---- C:\Program Files\MSN
    2008-08-15 09:33:42 ----D---- C:\WINDOWS\system32\spool
    2008-08-15 09:23:00 ----AD---- C:\Book
    2008-08-15 09:22:54 ----D---- C:\Acer
    2008-08-15 09:19:02 ----AD---- C:\VALUEADD
    2008-08-15 02:33:16 ----A---- C:\WINDOWS\system32\h323log.txt
    2008-08-15 02:31:46 ----D---- C:\WINDOWS\WLAN
    2008-08-15 02:31:46 ----D---- C:\WINDOWS\Camera
    2008-08-15 02:30:46 ----D---- C:\Program Files\Common Files\ODBC
    2008-08-15 02:30:44 ----D---- C:\Program Files\Common Files\SpeechEngines
    2008-08-15 02:30:44 ----A---- C:\WINDOWS\system.ini
    2008-08-15 02:30:24 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
    2008-08-15 02:30:14 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-15 02:29:58 ----D---- C:\WINDOWS\Debug
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\usmt
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\scripting
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\system32\en
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\Network Diagnostic
    2008-08-15 02:29:50 ----D---- C:\WINDOWS\L2Schemas
    2008-08-15 02:29:12 ----D---- C:\WINDOWS\system32\Setup
    2008-08-15 02:29:06 ----D---- C:\WINDOWS\AppPatch
    2008-08-15 02:29:00 ----D---- C:\WINDOWS\PeerNet
    2008-08-15 02:28:52 ----D---- C:\WINDOWS\system32\npp
    2008-08-15 02:28:48 ----D---- C:\WINDOWS\msagent
    2008-08-15 02:26:08 ----D---- C:\WINDOWS\twain_32
    2008-08-15 02:25:46 ----D---- C:\WINDOWS\system32\ras
    2008-08-15 02:25:14 ----D---- C:\WINDOWS\system32\icsxml
    2008-08-15 02:24:58 ----D---- C:\WINDOWS\system32\1033
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\wins
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\ShellExt
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\inetsrv
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\IME
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\export
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\dhcp
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\3com_dmi
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\3076
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\2052
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1054
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1042
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1041
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1037
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1031
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1028
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\system32\1025
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Resources
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\repair
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Provisioning
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\mui
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\msapps
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\java
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Driver Cache
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Connection Wizard
    2008-08-15 02:24:34 ----D---- C:\WINDOWS\Config

    ======List of files/folders modified in the last 3 months======

    2008-11-02 01:44:35 ----A---- C:\WINDOWS\ALaunch.ini
    2008-11-01 14:32:14 ----A---- C:\WINDOWS\PLFSetL.exe
    2008-09-29 03:51:37 ----A---- C:\WINDOWS\HotFix2.bat
    2008-09-29 03:51:37 ----A---- C:\WINDOWS\HotFix.bat
    2008-09-29 03:49:50 ----AD---- C:\WINDOWS\system
    2008-09-05 03:14:44 ----A---- C:\WINDOWS\CLEANUP.CMD

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2008-07-18 104704]
    R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2008-07-18 35584]
    R1 scfdriver;SCF Kernel Driver; \??\C:\WINDOWS\system32\Drivers\scfdriver.sys []
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-14 5854752]
    R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-30 108800]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-09-22 69632]
    R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2008-06-26 172032]
    R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [2007-04-03 109624]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
    S2 Sophos Client Firewall;Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [2007-04-03 93240]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------
    info.txt logfile of random's system information tool 1.04 2008-11-12 10:25:07

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup.exe /Uninstall
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Foundstone SiteDigger 2.0-->MsiExec.exe /I{676A2C59-FADA-4931-87D8-8DADF0CE1CFA}
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    InterVideo WinDVD--> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    JMicron JMB38X Flash Media Controller--> "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
    Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
    Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
    Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D}
    Sophos Client Firewall-->MsiExec.exe /X{17071117-5BB2-4737-B05B-C5FABD367313}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
    Vision-->C:\WINDOWS\uninst.exe -f "C:\Program Files\Foundstone\Vision\DeIsL1.isu" -c "C:\Program Files\Foundstone\Vision\_ISREG32.DLL "
    Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "

    ======Security center information======

    AV: Sophos Anti-Virus (disabled)
    FW: Sophos Client Firewall (disabled)

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 28 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION "=1c02
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "CLASSPATH "=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA "=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
     
  5. 2008/11/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Patty,

    I don't see anything rogue in your logs. You mentioned a zip file of nod32 SysInspector. I would indeed like to see that. You can attach it to an email to me. Put RE: smitRem in the subject line please.
     
  6. 2008/11/14
    geochem

    geochem Inactive Thread Starter

    Joined:
    2008/11/09
    Messages:
    4
    Likes Received:
    0
    other logs

    I will send you some other logs. I will also get a sophos tool that logs extensively. I have to forward those from my gmail account via some other computer, so that will be later today.
    The gmail account infected this computer.
    Thanks for your help.
    Patty
     
