Solved rsit - MicroAV Virus, fixed most of it

Discussion in 'Malware and Virus Removal Archive' started by sniper9228, 2008/09/26.

  1. 2008/09/26
    sniper9228

    sniper9228 Well-Known Member Thread Starter

    Joined:
    2005/08/31
    Messages:
    615
    Likes Received:
    1
    [Resolved] rsit - MicroAV Virus, fixed most of it

    I recently just got the MicroAV virus on my computer from downloading a file off my web browser, and I guess avast did not catch it, but it is enabled. At first, I was not even able to start Windows correctly: I went on another computer and downloaded ComboFix. I then restarted my computer and, before it fully booted, I went into Task Manager and ran ComboFix off a USB drive. When I restarted again, I was better able to boot without the security warnings in the taskbar.

    I ran Spybot, downloaded MBAM and removed spybot and mbam infected entries. My system seems to be working better now.

    One thing that is still suspicious is that, on reloading explorer, it quickly went to military time, but I switched that back and it has not happened again yet. I had to reinstall avast to get the startup entry back, because the virus destroyed it.

    If you need me to run any tools again, I will do so. I just want to make sure everything is clean that I did not fix earlier.
     
    Last edited: 2008/09/26
  2. 2008/09/26
    sniper9228

    log

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Jordy at 2008-09-26 16:10:32
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 90 GB (78%) free of 114 GB
    Total RAM: 1014 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:11:11 PM, on 9/26/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18241)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Jordy\Desktop\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\Jordy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [L08AXLRD_11564234] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
    O4 - HKUS\S-1-5-21-770027638-2987043721-1606950752-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-770027638-2987043721-1606950752-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     
    Last edited: 2008/09/26

  4. 2008/09/26
    sniper9228

    continued

    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://primis.ebrary.com/support/plugins/ebraryRdr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159762546734
    O20 - AppInit_DLLs: ojtwpo.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Unknown owner - C:\Program Files\Kerio\Personal Firewall\persfw.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

    --
    End of file - 9996 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Tvs "=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
    "TPSMain "=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
    "TPNF "=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
    "TDispVol "=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
    "PSQLLauncher "=C:\Program Files\Protector Suite QL\launcher.exe [2006-01-13 30208]
    "PadTouch "=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-07-15 1077322]
    "IntelZeroConfig "=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
    "IntelWireless "=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
    "Apoint "=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
    "IgfxTray "=C:\WINDOWS\system32\igfxtray.exe [2007-04-16 135168]
    "HWSetup "=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
    "Persistence "=C:\WINDOWS\system32\igfxpers.exe [2007-04-16 131072]
    "Pinger "=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
    "SmoothView "=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
    "SVPWUTIL "=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
    "ZoomingHook "=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
    "Acrobat Assistant 8.0 "=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    "OODefragTray "=C:\WINDOWS\system32\oodtray.exe [2008-09-04 2524416]
    "avast! "=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "L08AXLRD_11564234 "=C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [2007-05-21 351000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
    C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopMaestro]
    C:\Program Files\Desktop Maestro\deskmech.exe [2008-08-01 3213200]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L08AXLRD_4177671]
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [2007-05-21 351000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickStart]
    C:\WINDOWS\system32\
     
    Last edited: 2008/09/26
  5. 2008/09/26
    sniper9228

    continued

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
    C:\Program Files\ThreatFire\TFTray.exe [2008-04-24 259392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
    C:\WINDOWS\system32\RAMASST.exe [2004-08-28 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jordy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    C:\WINDOWS\system32\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "=" ojtwpo.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll [2006-01-13 40448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=scecli
    psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=
    "NoDrives "=
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\TOSHIBA\ivp\NetInt\Netint.exe "= "C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine "
    "C:\TOSHIBA\Ivp\ISM\pinger.exe "= "C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\UnrealTournament\System\UnrealTournament.exe "= "C:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Opera\Opera.exe "= "C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\AIM6_Cloned\aim6.exe "= "C:\Program Files\AIM6_Cloned\aim6.exe:*:Enabled:AIM "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47438864-6b34-11dd-993e-001302a3e823}]
    shell\AutoRun\command - E:\LaunchU3.exe


    ======List of files/folders created in the last 3 months======

    2008-09-26 15:33:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2008-09-26 15:33:53 ----D---- C:\Program Files\Alwil Software
    2008-09-26 14:48:33 ----D---- C:\Program Files\ThreatFire
    2008-09-25 22:06:06 ----D---- C:\VundoFix Backups
    2008-09-25 22:06:06 ----A---- C:\VundoFix.txt
    2008-09-25 22:03:22 ----A---- C:\WINDOWS\system32\tmp.txt
    2008-09-25 22:03:19 ----A---- C:\rapport.txt
    2008-09-25 22:02:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
    2008-09-25 22:02:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\WS2Fix.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\VCCLSID.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\VACFix.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\swxcacls.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\swsc.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\swreg.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\SrchSTS.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\Process.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\IEDFix.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\dumphive.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-25 22:02:46 ----A---- C:\WINDOWS\system32\404Fix.exe
    2008-09-25 18:37:34 ----SHD---- C:\RECYCLER
    2008-09-25 18:36:56 ----A---- C:\ComboFix.txt
    2008-09-25 18:23:34 ----D---- C:\WINDOWS\erdnt
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\zip.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\VFind.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\swreg.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\sed.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\grep.exe
    2008-09-25 18:22:58 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-25 18:22:57 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-25 18:17:53 ----D---- C:\Qoobox
    2008-09-25 17:07:34 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-09-25 16:01:35 ----A---- C:\WINDOWS\system32\73d590dc-.txt
    2008-09-25 15:57:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-25 15:22:24 ----D---- C:\Program Files\trend micro
    2008-09-25 15:22:21 ----D---- C:\rsit
    2008-09-24 22:34:18 ----A---- C:\WINDOWS\DOOMII.ini
    2008-09-24 22:34:17 ----D---- C:\Program Files\DOOM II
    2008-09-24 21:11:54 ----D---- C:\Program Files\OO Software
    2008-09-24 18:39:30 ----HD---- C:\WINDOWS\system32\GroupPolicy
    2008-09-24 18:25:02 ----D---- C:\Documents and Settings\Jordy\Application Data\Desktop Maestro
    2008-09-24 18:23:57 ----D---- C:\Program Files\Desktop Maestro
    2008-09-24 17:53:28 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-09-23 21:58:21 ----D---- C:\Documents and Settings\Jordy\Application Data\LimeWire
    2008-09-23 21:57:59 ----D---- C:\Program Files\LimeWire
    2008-09-22 19:41:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-20 23:13:10 ----D---- C:\Documents and Settings\Jordy\Application Data\Malwarebytes
    2008-09-20 23:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-19 20:36:16 ----D---- C:\Documents and Settings\Jordy\Application Data\HouseCall 6.6
    2008-09-19 19:50:40 ----A---- C:\WINDOWS\system32\STKIT432.DLL
    2008-09-19 15:19:14 ----D---- C:\Program Files\ViStart
    2008-09-15 22:17:59 ----D---- C:\Program Files\UPHClean
    2008-09-12 13:18:54 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-09-12 13:15:37 ----D---- C:\Program Files\NoNAV
    2008-09-09 15:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-09 15:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-04 06:02:30 ----A---- C:\WINDOWS\system32\oodsvct.exe
    2008-09-04 06:02:24 ----A---- C:\WINDOWS\system32\oodag.exe
    2008-09-04 06:01:42 ----A---- C:\WINDOWS\system32\oodtray.exe
    2008-09-04 06:01:08 ----A---- C:\WINDOWS\system32\oodbs.exe
    2008-09-04 05:58:38 ----A---- C:\WINDOWS\system32\oodtrrs.dll
    2008-09-04 05:58:18 ----A---- C:\WINDOWS\system32\oodbsrs.dll
    2008-09-04 05:58:16 ----A---- C:\WINDOWS\system32\oodagrs.dll
    2008-09-04 05:58:14 ----A---- C:\WINDOWS\system32\oodagmg.dll
    2008-08-30 05:20:30 ----A---- C:\WINDOWS\system32\ootmapi.dll
    2008-08-22 03:05:00 ----A---- C:\WINDOWS\system32\PrivacIE.dll
    2008-08-21 15:40:41 ----D---- C:\Program Files\Colorizer
    2008-08-21 15:37:34 ----D---- C:\Documents and Settings\Jordy\Application Data\Thinstall
    2008-08-21 15:35:39 ----D---- C:\Program Files\Microsoft Works 9.0
    2008-08-21 15:29:18 ----D---- C:\Program Files\AIM6_Cloned
    2008-08-20 17:23:27 ----D---- C:\Program Files\AIM6
    2008-08-15 21:40:34 ----D---- C:\Documents and Settings\Jordy\Application Data\U3
    2008-08-12 19:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-12 19:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-12 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-12 19:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-12 19:23:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-12 19:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-09 21:01:23 ----D---- C:\Program Files\PC Tools Firewall Plus
    2008-08-05 17:55:38 ----A---- C:\WINDOWS\system32\msdbg2.dll
    2008-07-29 15:26:23 ----D---- C:\WINDOWS\Open RegEdit
    2008-07-28 12:09:13 ----D---- C:\Documents and Settings\Jordy\Application Data\PCToolsFirewallPlus
    2008-07-16 18:07:40 ----D---- C:\Program Files\Combined Community Codec Pack
    2008-07-16 15:15:23 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-07-16 15:15:07 ----A---- C:\WINDOWS\system32\SpOrder.dll
    2008-07-16 15:13:49 ----D---- C:\WINDOWS\Internet Logs
    2008-07-09 16:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-07-09 16:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-07-05 12:11:36 ----D---- C:\Documents and Settings\Jordy\Application Data\Comodo
    2008-07-02 19:44:34 ----D---- C:\Documents and Settings\Jordy\Application Data\skypePM
    2008-07-02 19:41:40 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
    2008-07-02 19:41:36 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2008-07-02 19:34:20 ----A---- C:\WINDOWS\system32\capicom.dll
    2008-07-02 19:33:14 ----D---- C:\Program Files\Common Files\Logitech
    2008-07-02 19:30:41 ----D---- C:\Program Files\Logitech

    ======List of files/folders modified in the last 3 months======

    2008-09-26 16:10:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-26 16:09:19 ----D---- C:\WINDOWS\Temp
    2008-09-26 16:05:50 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-09-26 15:58:58 ----D---- C:\Held Files
    2008-09-26 15:58:25 ----D---- C:\WINDOWS\Prefetch
    2008-09-26 15:56:20 ----D---- C:\WINDOWS\system32\Lang
    2008-09-26 15:55:43 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-26 15:55:28 ----D---- C:\WINDOWS\system32\drivers
    2008-09-26 15:55:28 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
    2008-09-26 15:54:24 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-26 15:34:36 ----HD---- C:\WINDOWS\system32
    2008-09-26 15:33:53 ----D---- C:\Program Files
    2008-09-26 14:48:49 ----SHD---- C:\WINDOWS\Installer
    2008-09-25 23:36:19 ----D---- C:\WINDOWS\system32\config
    2008-09-25 21:09:48 ----SHD---- C:\WINDOWS\CSC
    2008-09-25 20:57:17 ----D---- C:\WINDOWS
    2008-09-25 18:31:18 ----A---- C:\WINDOWS\system.ini
    2008-09-25 18:26:36 ----D---- C:\WINDOWS\AppPatch
    2008-09-25 18:26:36 ----D---- C:\Program Files\Common Files
    2008-09-25 18:26:02 ----SD---- C:\WINDOWS\Tasks
    2008-09-25 18:26:00 ----D---- C:\Documents and Settings\Jordy\Application Data\Adobe
    2008-09-25 16:59:49 ----A---- C:\WINDOWS\wininit.ini
    2008-09-24 21:36:03 ----D---- C:\WINDOWS\system32\oodag
    2008-09-24 19:38:19 ----D---- C:\WINDOWS\Registration
    2008-09-24 19:08:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-24 18:54:50 ----D---- C:\Program Files\SpywareBlaster
    2008-09-24 18:53:39 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-09-24 18:24:51 ----SD---- C:\Documents and Settings\Jordy\Application Data\Microsoft
    2008-09-23 23:09:25 ----D---- C:\Program Files\Unlocker
    2008-09-22 20:45:14 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-09-22 20:35:38 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-09-20 23:33:46 ----A---- C:\WINDOWS\swupdate.INI
    2008-09-20 23:32:22 ----D---- C:\WINDOWS\Minidump
    2008-09-20 16:16:57 ----D---- C:\Program Files\Google
    2008-09-19 20:33:25 ----D---- C:\Program Files\Opera
    2008-09-19 18:07:40 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-19 17:26:42 ----HD---- C:\WINDOWS\inf
    2008-09-19 15:24:02 ----D---- C:\Program Files\ViOrb
    2008-09-15 23:03:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-15 22:52:22 ----RASH---- C:\boot.ini
    2008-09-15 22:52:22 ----A---- C:\WINDOWS\win.ini
    2008-09-12 13:20:06 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-09-11 17:17:46 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-09 17:48:26 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-09 16:01:31 ----D---- C:\WINDOWS\Debug
    2008-09-09 15:56:51 ----D---- C:\WINDOWS\pchealth
    2008-09-09 15:45:24 ----D---- C:\WINDOWS\WinSxS
    2008-08-30 14:22:32 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-08-28 16:00:17 ----D---- C:\WINDOWS\system32\en-US
    2008-08-28 16:00:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-08-28 16:00:12 ----D---- C:\WINDOWS\Help
    2008-08-28 16:00:12 ----D---- C:\Program Files\Internet Explorer
    2008-08-28 15:57:39 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-28 15:41:17 ----D---- C:\WINDOWS\ie8updates
    2008-08-28 15:40:05 ----HD---- C:\WINDOWS\$hf_mig$
    2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-08-22 03:15:56 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
    2008-08-22 03:14:40 ----A---- C:\WINDOWS\system32\advpack.dll.mui
    2008-08-22 03:10:34 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-08-22 03:09:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-22 03:08:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
    2008-08-22 03:08:22 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-22 03:08:08 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-22 03:08:06 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-22 03:08:00 ----A---- C:\WINDOWS\system32\licmgr10.dll
    2008-08-22 03:07:58 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-22 03:07:50 ----A---- C:\WINDOWS\system32\occache.dll
    2008-08-22 03:07:50 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-22 03:07:08 ----A---- C:\WINDOWS\system32\corpol.dll
    2008-08-22 03:06:58 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-22 03:06:44 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-22 03:06:40 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-22 03:06:36 ----A---- C:\WINDOWS\system32\vbscript.dll
    2008-08-22 03:06:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-22 03:06:30 ----A---- C:\WINDOWS\system32\jscript.dll
    2008-08-22 03:06:30 ----A---- C:\WINDOWS\system32\admparse.dll
    2008-08-22 03:06:24 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-22 03:06:24 ----A---- C:\WINDOWS\system32\iesetup.dll
    2008-08-22 03:06:24 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-08-22 03:06:24 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-22 03:06:20 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-08-22 03:06:16 ----A---- C:\WINDOWS\system32\inseng.dll
    2008-08-22 03:06:16 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-22 03:06:02 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-22 03:05:48 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-22 03:05:34 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-22 03:05:24 ----A---- C:\WINDOWS\system32\iepeers.dll
    2008-08-22 03:05:22 ----A---- C:\WINDOWS\system32\msfeedssync.exe
    2008-08-22 03:05:22 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-22 03:05:20 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-22 03:05:16 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-22 03:05:14 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-22 03:05:14 ----A---- C:\WINDOWS\system32\imgutil.dll
    2008-08-22 03:05:10 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-22 03:05:08 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-22 03:05:00 ----A---- C:\WINDOWS\system32\mshtmler.dll
    2008-08-22 03:04:54 ----A---- C:\WINDOWS\system32\mshta.exe
    2008-08-22 02:58:12 ----A---- C:\WINDOWS\system32\ieui.dll
    2008-08-22 02:57:56 ----A---- C:\WINDOWS\system32\msls31.dll
    2008-08-22 02:42:22 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-21 15:26:36 ----D---- C:\Program Files\Common Files\AOL
    2008-08-21 15:26:36 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-08-21 15:26:35 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-17 17:18:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-13 15:27:58 ----D---- C:\WINDOWS\system32\LogFiles
    2008-08-12 19:25:52 ----RSD---- C:\WINDOWS\assembly
    2008-08-10 13:14:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-31 15:12:40 ----D---- C:\WINDOWS\system32\inetsrv
    2008-07-27 18:48:06 ----D---- C:\Program Files\DivX
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-16 18:25:23 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-07-16 18:25:22 ----D---- C:\Program Files\Microsoft Office
    2008-07-16 18:25:18 ----D---- C:\WINDOWS\SHELLNEW
    2008-07-16 18:23:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-07-16 18:23:42 ----D---- C:\Program Files\MSBuild
    2008-07-16 18:22:31 ----RSD---- C:\WINDOWS\Fonts
    2008-07-16 17:40:58 ----D---- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2008-07-16 17:39:46 ----D---- C:\Program Files\Microsoft Student
    2008-07-15 15:39:12 ----D---- C:\UnrealTournament
    2008-07-11 08:42:28 ----A---- C:\WINDOWS\system32\tzchange.exe
    2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll
    2008-07-02 20:07:50 ----D---- C:\WINDOWS\twain_32
    2008-06-27 22:05:30 ----D---- C:\Program Files\Wolf3d

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
    R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-30 21275]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
    R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
    R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
    R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
    R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-02-01 250776]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
    R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
    R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-01-13 28800]
    R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
    R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
    R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
    R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
    R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-04-24 66880]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2006-11-25 654848]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S2 PersFw;Kerio Personal Firewall; C:\Program Files\Kerio\Personal Firewall\persfw.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 Cepstral License Server;Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2006-08-17 57344]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
    S3 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    S3 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
     
    Last edited: 2008/09/26
  6. 2008/09/26
    sniper9228

    edited post

    edited
     
    Last edited: 2008/09/26
  7. 2008/09/26
    sniper9228

    info

    info.txt logfile of random's system information tool 1.02 2008-09-26 16:11:15

    ======Uninstall list======

    -->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
    -->MsiExec.exe /X{09959E11-AD5D-408E-96AF-E3346954D6B8}
    -->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    AIM 6 Cloned--> "C:\Program Files\AIM6_Cloned\unins000.exe "
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
    Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
    Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
    Cepstral Callie 4.1.4-->MsiExec.exe /I{B7638D2C-C920-41D2-8991-0E4F2D39591A}
    ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
    Cloudmark Desktop for Mozilla Thunderbird-->MsiExec.exe /X{527B9B7E-5249-4681-9259-018F7DDB351C}
    CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
    Colorizer 1.0.0.1-->C:\PROGRA~1\COLORI~1\UNWISE.EXE C:\PROGRA~1\COLORI~1\INSTALL.LOG
    Combined Community Codec Pack 2008-01-24--> "C:\Program Files\Combined Community Codec Pack\unins000.exe "
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Desktop Maestro 3.0--> "C:\Program Files\Desktop Maestro\unins000.exe" /Log
    DOOM II-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\DOOM II\DOOM II\DOOMII.isu "
    DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
    ExtractNow--> "C:\Program Files\ExtractNow\unins000.exe "
    FLV Player 1.3.3--> "C:\Program Files\FLVPlayer\uninstall.exe "
    High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 10 (KB903157)--> "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    HouseCall 6.6--> "C:\Documents and Settings\Jordy\Application Data\HouseCall 6.6\uninstaller.exe "
    Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
    Infiltration 2.9 BonusPack-->C:\WINDOWS\iun6002.exe "C:\UnrealTournament\Infiltration\UninstallBonusPack\irunin.ini "
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
    InterVideo WinDVD Creator 2--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
    InterVideo WinDVD for TOSHIBA--> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    Junk E-mail Reporting Tool-->MsiExec.exe /I{B72B06E0-0C54-495F-896F-E3ED2905624D}
    Kerio Personal Firewall 2.1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall
    Learning Essentials for Microsoft Office-->MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
    LimeWire 4.18.8--> "C:\Program Files\LimeWire\uninstall.exe "
    LWAway 1.0.0.1-->C:\PROGRA~1\LWAway\UNWISE.EXE C:\PROGRA~1\LWAway\INSTALL.LOG
    Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
    mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
    Microsoft Base Smart Card Cryptographic Service Provider Package--> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe "
    Microsoft Color Control Panel Applet for Windows XP-->MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Student 2007 for Learning Essentials-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
    Microsoft Student with Encarta Premium 2008-->MsiExec.exe /I{08041881-FCA5-44A7-B863-D66037A16AAF}
    Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}
    Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
    Office 2007 Add-in - Microsoft Save as PDF (Beta)-->MsiExec.exe /X{30120000-00B0-0409-0000-0000000FF1CE}
    Opera 9.10-->MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
    Opera 9.50-->MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
    Opera 9.52-->MsiExec.exe /X{775EA80D-E368-4310-97B6-3D47EB9BB3F1}
    Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
    Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
    Plustek OpticBook 3600 plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C043B8C1-E512-46AB-AEE2-009EBDEC0061}\setup.exe" -l0x9
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Samsung ML-1740 Series-->C:\WINDOWS\Samsung\ML-1740\SETUP.EXE
    SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
    SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
    Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
    Spybot - Search & Destroy 1.5.2.20--> "C:\WINDOWS\unins000.exe "
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    SpywareBlaster 4.1--> "C:\Program Files\SpywareBlaster\unins000.exe "
    Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
    Tactical Ops 3.1.5 MOD-->C:\UNREAL~1\UNWISE.EXE C:\UNREAL~1\INSTALL.LOG
    ThreatFire 3.5--> "C:\Program Files\ThreatFire\unins000.exe "
    TOSHIBA Accessibility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033
    TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
    TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
    TOSHIBA Controls-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BCA8D15-BCB6-421E-9654-238B43456A4F} /l1033
    TOSHIBA Fn-esse-->C:\WINDOWS\UnInst32.exe Fn-esse.UNI
    TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
    TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
    TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\TOSHIBA\PCDiag\Uninst.isu "
    TOSHIBA Power Saver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033
    Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
    TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
    TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
    TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
    TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
    TOSHIBA Zooming Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033
    Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
    TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
    Tweak UI--> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta "
    Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
    Unreal Tournament G.O.T.Y. Edition-->C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament "
    Update for Windows Media Player 10 (KB913800)--> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe "
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VDMSound 2.0.4-->MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
    VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
    Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
    Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
    Windows XP Media Center Edition 2005 KB908250--> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe "
    Windows XP Media Center Edition 2005 KB925766--> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    ======Security center information======

    AV: ThreatFire
    AV: avast! antivirus 4.8.1229 [VPS 080926-0]

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Cepstral\bin;%VDMSPath%
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION "=0e08
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "VDMSPath "=C:\Program Files\VDMSound\

    -----------------EOF-----------------
     
    Last edited: 2008/09/26
  8. 2008/09/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good sniper. Uninstall ComboFix by clicking Start>Run then type combofix /u and hit Enter.
    • Make sure you have an Internet Connection.
    • Right click on OTMoveit2.exe and select 'Run as Administrator'
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OtMoveit2 from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    Now do a scan with Kaspersky Online Scanner to see if anything else remains.
     
  9. 2008/09/30
    sniper9228

    sniper9228 Well-Known Member Thread Starter

    Joined:
    2005/08/31
    Messages:
    615
    Likes Received:
    1
    Kaspersky Results

    Thanks for the compliment. By now, I should know the drill of what to run when I have malware problems! I HAD to run ComboFix without being instructed by an expert in this situation only and had success.


    I ran Combofix Uninstaller and OTMoveit2.exe

    -------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, September 30, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, September 30, 2008 03:12:16
    Records in database: 1275423

    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 77799
    Threat name 1
    Infected objects 1
    Suspicious objects 0
    Duration of the scan 01:18:19

    File name Threat name Threats count
    C:\Documents and Settings\Jordy\Application Data\Adobe\Player.exe Infected: Trojan.Win32.Small.yaf 1

    The selected area was scanned.
    ---

    So I guess I should manually just remove Player.exe?
     
    Last edited: 2008/09/30
  10. 2008/09/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That should be fine. Don't forget to empty the recycle bin then clear your system restore points. ;)
     
