
Solved Browser & google hijack and AV/Malware disabled

Discussion in 'Malware and Virus Removal Archive' started by belgarath1960, 2008/11/30.

  1. 2008/11/30
    belgarath1960 (Thread Starter)

    [Resolved] Browser & google hijack and AV/Malware disabled

    Hi... as with other users, I have managed to get my PC infected. Result/current picture - I can't access web pages such as AVG or other well-known AV and anti-malware sites. Google search links are redirected. Kaspersky online scan is disabled; I can't get to their webpage or link to the scan tool, even in safe mode. I have tried installing the recommended spyware tools with little success. I can log in with safe mode and normal startup, with or without msconfig disabling services and startup items. My System Restore would not work in safe or normal mode, and I have disabled System Restore. I can access other webpages, though not many that deal with this issue. I have installed Malwarebytes Anti-Malware while in safe mode, but it will not run in either safe or normal mode. I have HijackThis and RSIT though, which seem to be supplying logfiles at least, so if someone out there can look over the attached and help me through this I will be very grateful. So will my wife, who can't quite understand the frustration I have experienced over the last week.
    I was unable to run AVG scans, so I uninstalled it and tried installing Windows OneCare from a CD I had. OneCare was totally disabled and unable to start its AV or firewall. So I am back to a freebie AV scanner and Windows Firewall, and feeling very vulnerable...
    It was my own fault: I had discovered BitTorrent before realising the full extent of the danger, and had unprotected (almost) relations with the internet while downloading a missing TV show... AVG was working at the time, but it wasn't enough.
    Logfile follows; another post with the 'info' file will follow:
    >>>>
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrator at 2008-11-30 23:21:56
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 35 GB (46%) free of 76 GB
    Total RAM: 1024 MB (79% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:21:58 p.m., on 30/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\rsit\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\SW\W_Patrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\AV\bin\ClamTray.exe" --logon
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3900 Series on BOSS2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_SE.tmp" /EF "HKLM"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS4\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON STM Service03 (EPSON_PM_RPC_03) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_SSRP03.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe

    --
    End of file - 3274 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"=C:\Program Files\SW\W_Patrol\winpatrol.exe [2008-10-10 333120]
    "ClamWin"=C:\Program Files\AV\bin\ClamTray.exe [2008-11-09 86016]
    "Auto EPSON Stylus CX3900 Series on BOSS2"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-01-16 335872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    ""=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
    "C:\Program Files\BitZip\bitzip.exe"="C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\OCSetup.exe


    ======List of files/folders created in the last 3 months======

    2008-11-30 10:23:17 ----D---- C:\Documents and Settings\Administrator\Application Data\.clamwin
    2008-11-30 10:23:06 ----D---- C:\Program Files\AV
    2008-11-30 10:10:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-11-30 10:02:28 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-11-30 09:55:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-11-30 09:43:06 ----D---- C:\Documents and Settings\Administrator\Application Data\WinPatrol
    2008-11-30 09:38:49 ----D---- C:\rsit
    2008-11-30 09:35:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-30 09:27:14 ----D---- C:\Program Files\SW
    2008-11-30 09:27:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-27 07:03:46 ----D---- C:\Program Files\Trend Micro
    2008-11-22 09:56:27 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-11-22 09:56:27 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
    2008-11-21 19:06:12 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-11-21 19:06:12 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wups.dll
    2008-11-21 19:06:09 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-11-21 19:06:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-11-21 19:06:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-11-21 19:06:06 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-11-21 19:06:03 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-11-15 17:08:44 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-12 21:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 21:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 21:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-04 07:18:16 ----D---- C:\Program Files\WinAVI Video Converter
    2008-11-01 15:50:39 ----D---- C:\Program Files\BitTorrent
    2008-10-26 08:10:02 ----D---- C:\Program Files\Common Files\Remote Control Software Common
    2008-10-26 08:09:39 ----D---- C:\Program Files\Common Files\Remote Control USB Driver
    2008-10-26 08:09:10 ----D---- C:\Program Files\Logitech
    2008-10-24 21:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-20 22:00:25 ----D---- C:\MOVIE FILES
    2008-10-15 17:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 17:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 17:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 17:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 17:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-13 11:31:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-10-13 11:30:56 ----D---- C:\Program Files\iPod
    2008-10-13 11:30:51 ----D---- C:\Program Files\iTunes
    2008-10-13 11:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-13 11:29:27 ----D---- C:\Program Files\QuickTime
    2008-10-13 11:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-13 11:28:54 ----D---- C:\Program Files\Apple Software Update
    2008-10-13 11:28:15 ----D---- C:\Program Files\Common Files\Apple
    2008-10-13 11:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-13 15:23:40 ----D---- C:\Program Files\Common Files\xing shared
    2008-09-10 06:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 06:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

    ======List of files/folders modified in the last 3 months======

    2008-11-30 23:14:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-30 19:16:54 ----D---- C:\WINDOWS\Temp
    2008-11-30 19:16:45 ----D---- C:\WINDOWS
    2008-11-30 18:13:53 ----HD---- C:\WINDOWS\inf
    2008-11-30 18:13:53 ----D---- C:\WINDOWS\system32\CatRoot
    2008-11-30 18:13:41 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-30 18:02:04 ----SHD---- C:\WINDOWS\Installer
    2008-11-30 18:02:04 ----HD---- C:\Config.Msi
    2008-11-30 18:01:59 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-30 18:01:35 ----D---- C:\Documents and Settings
    2008-11-30 17:55:00 ----RASH---- C:\boot.ini
    2008-11-30 17:55:00 ----A---- C:\WINDOWS\win.ini
    2008-11-30 17:55:00 ----A---- C:\WINDOWS\SYSTEM.INI
    2008-11-30 17:13:26 ----D---- C:\WINDOWS\Downloaded Installations
    2008-11-30 17:09:23 ----D---- C:\Temp
    2008-11-30 14:47:41 ----SHD---- C:\RECYCLER
    2008-11-30 10:23:06 ----RD---- C:\Program Files
    2008-11-30 09:35:42 ----D---- C:\WINDOWS\system32
    2008-11-30 09:27:18 ----D---- C:\WINDOWS\system32\drivers
    2008-11-29 12:30:25 ----D---- C:\WINDOWS\network diagnostic
    2008-11-29 12:00:12 ----D---- C:\WINDOWS\Help
    2008-11-29 11:25:41 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-29 11:18:46 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-11-29 11:18:46 ----D---- C:\WINDOWS\system32\config
    2008-11-29 11:18:45 ----D---- C:\Program Files\Internet Explorer
    2008-11-29 11:11:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 11:10:06 ----D---- C:\WINDOWS\ie7updates
    2008-11-29 11:09:20 ----D---- C:\WINDOWS\WBEM
    2008-11-29 11:09:20 ----D---- C:\WINDOWS\system32\en-US
    2008-11-29 11:04:05 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-29 11:03:00 ----D---- C:\Program Files\epson
    2008-11-29 11:01:25 ----D---- C:\Program Files\BitZip
    2008-11-29 10:59:29 ----D---- C:\Program Files\Creative
    2008-11-29 10:55:21 ----D---- C:\Program Files\Common Files
    2008-11-29 09:58:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-11-29 08:49:53 ----A---- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80651102}.BAK
    2008-11-29 06:27:28 ----D---- C:\WINDOWS\Prefetch
    2008-11-28 23:02:16 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-27 06:48:51 ----A---- C:\WINDOWS\NewsRover.INI
    2008-11-27 06:48:48 ----D---- C:\Program Files\NewsRover
    2008-11-26 22:59:20 ----SD---- C:\WINDOWS\Tasks
    2008-11-26 21:37:44 ----D---- C:\WINDOWS\pss
    2008-11-26 07:45:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-26 07:36:15 ----RSD---- C:\WINDOWS\assembly
    2008-11-26 07:36:15 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-26 07:34:03 ----D---- C:\WINDOWS\WinSxS
    2008-11-26 07:32:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-26 06:55:01 ----A---- C:\WINDOWS\setuplog.txt
    2008-11-26 06:54:50 ----A---- C:\WINDOWS\system32\wpa.bak
    2008-11-18 09:14:04 ----D---- C:\WINDOWS\Drivers
    2008-11-12 21:14:10 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-12 21:14:03 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-06 09:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-11-04 10:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 06:18:05 ----D---- C:\WINDOWS\system32\wbem
    2008-10-16 02:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-11 10:26:38 ----D---- C:\WINDOWS\Media
    2008-10-11 10:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-10-03 06:52:02 ----A---- C:\WINDOWS\swn32reg.dll
    2008-09-27 09:48:01 ----A---- C:\WINDOWS\cdplayer.ini
    2008-09-20 09:08:54 ----D---- C:\Program Files\Common Files\ACD Systems
    2008-09-20 09:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-09-14 16:19:24 ----D---- C:\Program Files\TengScribe
    2008-09-13 15:23:30 ----D---- C:\Program Files\Common Files\Real
    2008-09-13 15:23:22 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2008-09-13 15:23:09 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2008-09-13 15:23:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\pncrt.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\msvcp71.dll
    2008-09-13 15:22:55 ----D---- C:\Program Files\Real
    2008-09-10 11:14:56 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-05 03:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-01-17 29440]
    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-01-17 32640]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-04-05 88320]
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    S2 wincom32;wincom32; \??\C:\WINDOWS\system32\wincom32.sys []
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-04-05 69472]
    S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
    S3 Contddcnpor;Contddcnpor; C:\WINDOWS\system32\drivers\ati1xbxx.sys [2004-08-04 29455]
    S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
    S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
    S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
    S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [2008-04-14 59136]
    S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
    S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-01-16 666109]
    S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
    S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-12-06 6400]
    S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
    S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
    S3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
    S3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\symevent.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
    S3 USBVSP;USBVSP; C:\WINDOWS\system32\drivers\Usbvsp.sys []
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-01-17 102016]
    S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
    S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
    S2 EPSON_PM_RPC_03;EPSON STM Service03; C:\WINDOWS\system32\E_SSRP03.EXE [1999-10-29 59904]
    S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-01-16 878592]
    S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    S2 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-03-04 1118208]
    S2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
    S2 StatusAgent;Epson Printer Status Agent; C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe [2000-03-13 213504]
    S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
    S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-20 654848]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

    -----------------EOF-----------------
     
  2. 2008/11/30
    belgarath1960 (Thread Starter)

    RSIT file # 2

    Here's the other file produced by RSIT in normal mode earlier today. The logfile above was done in safe mode.
    Did I say thanks in advance yet?
    >>
    info.txt logfile of random's system information tool 1.04 2008-11-30 09:38:59

    ======Uninstall list======

    -->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\NuNInst.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNNMP.exe /UNINSTALL
    -->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AAPT Quick Config-->C:\PROGRA~1\AAPT\AAPTQU~1\UNWISE.EXE C:\PROGRA~1\AAPT\AAPTQU~1\INSTALL.LOG
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Download Manager (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AltoMP3 Maker 3.20-->"C:\Program Files\ALTOMP3 MAKER\LATEST VERSION\AltoMP3 Maker\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    DVD-Cover Printmaster 1.2-->MsiExec.exe /I{9DCDC0A8-2280-4F43-B290-465AFDC281BC}
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    ESCX3900 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESCX3900\USE_G\DOCUNINS.EXE
    Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
    Family Tree Maker 7.0-->C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    ID_DCRaw Image Decoder Plug-In-->MsiExec.exe /X{DA1876DD-323E-4D78-8F9F-8F4FDE25C010}
    ImgBurn--> "C:\Program Files\ImgBurn\uninstall.exe "
    Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
    Intel(R) PRO Intelligent Installer-->MsiExec.exe /I{6EC5D2BB-C70D-4A1E-9E0E-384568CA5E97}
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
    Java Web Start--> "C:\Program Files\Java Web Start\uninst-javaws.exe "
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire 4.18.3--> "C:\Program Files\LimeWire\uninstall.exe "
    Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
    Malwarebytes' Anti-Malware--> "C:\Program Files\SW\MWB_AM\unins000.exe "
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
    Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MiraScan V4.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01000A03-E058-11D3-9C13-0000E220DC33}\Setup.exe" -l0x9 -uninst
    Motorola Driver Installation-->MsiExec.exe /I{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}
    Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=" "
    News Rover-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\NewsRover\Uninst.isu" -c "C:\Program Files\NewsRover\RoverUninstall.dll "
    Novel Writer Standard--> "D:\Novel Writer\UninstallerData\Uninstall Novel Writer Standard.exe "
    PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
    Remove MiraScan USB Driver-->C:\WINDOWS\UnUSBDrv.exe
    Security Update for Windows Internet Explorer 7 (KB938127-v2)--> "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    SpywareBlaster 4.1--> "C:\Program Files\SW\SB\unins000.exe "
    Tengwar Scribe-->C:\PROGRA~1\TENGSC~1\UNWISE.EXE C:\PROGRA~1\TENGSC~1\INSTALL.LOG
    Torrent Episode Downloader-->MsiExec.exe /I{5EA8EDD7-A933-4C21-8547-AF33ADD66671}
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    WinAVI Video Converter--> "C:\Program Files\WinAVI Video Converter\unins000.exe "
    Windows Imaging Component--> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live SkyDrive Upload Tool-->MsiExec.exe /I{2FD177C0-A752-11DC-8314-0800200C9A66}
    Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinZip--> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    Yahoo!7 Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    =====HijackThis Backups=====

    O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://help.live.com/ContactUs/ActiveX/MSDcode.cab
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Plus\Search Bar.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e03b832ead449223.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {AA14C86B-DA22-4811-8186-BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) - http://www.spincam.com/360video/plugins/iVideoViewer3_0.cab
    O16 - DPF: {BA2D9665-D672-446F-98F4-E3E41FA12A01} (PCAObj Class) - http://www.mypccenter.com/CAB/PCA.cab
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [zdrinit] C:\WINDOWS\svcwinra.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3900 Series on BOSS2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_SE.tmp" /EF "HKLM "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe "
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aapt.net.au/
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aapt.net.au/
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\ACD Systems\EN\;C:\Program Files\QuickTime\QTSystem\
    "windir "=%SystemRoot%
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 2 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION "=0204
    "NUMBER_OF_PROCESSORS "=1
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK "=NO
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "SAFEBOOT_OPTION "=NETWORK

    -----------------EOF-----------------
     

  4. 2008/11/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS belgarath1960 :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix



    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  5. 2008/11/30
    belgarath1960

    belgarath1960 Inactive Thread Starter

    Joined:
    2008/11/28
    Messages:
    20
    Likes Received:
    0
    Dave - thanks for the response. I should have said I had tried this also, sorry. I am unable to get to any bleepingcomputer pages, even in safe mode. After googling ComboFix, I see the suggested links end up pointing from other forums and websites back to bleepingcomputer. Are there any other places I can get a copy to try and run on my PC?
    Thanks
     
  6. 2008/11/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Do you have another PC available to download it on, and a means of transferring it, such as a USB flash drive, CD, floppy or network share?
     
  7. 2008/11/30
    belgarath1960

    belgarath1960 Inactive Thread Starter

    Joined:
    2008/11/28
    Messages:
    20
    Likes Received:
    0
    Yeah, my laptop and a CD burner. Trying that now :)
     
  8. 2008/12/01
    belgarath1960

    belgarath1960 Inactive Thread Starter

    Joined:
    2008/11/28
    Messages:
    20
    Likes Received:
    0
    OK - that didn't work either. I was able to download ComboFix to a CD, then to my damaged PC's desktop in safe mode. However, it behaves the same as Malwarebytes' program in that it will not run. When double-clicked I get a window titled 'Run', but clicking Run just turns it off. I have tried running this and Malwarebytes in safe and normal mode with the same result. :mad:
     
  9. 2008/12/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please save a new copy to the desktop, except this time save it with a different name, something like ComboNix.exe - then try to run it.
    You can just save another copy of the file you currently have on the cd.
     
  10. 2008/12/01
    belgarath1960

    belgarath1960 Inactive Thread Starter

    Joined:
    2008/11/28
    Messages:
    20
    Likes Received:
    0
    Dave - thanks for reminding me about filename changes, this one worked. Have rebooted and have Malwarebytes running a scan now also. Here's the ComboFix log - cheers :)
    >>
    ComboFix 08-11-30.01 - Boss 2008-12-01 23:14:20.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.741 [GMT 10:00]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Fonts\acrsecB.fon
    c:\windows\Fonts\acrsecI.fon
    c:\windows\system\oeminfo.ini
    c:\windows\system32\drivers\TDSSmxwt.sys
    c:\windows\system32\mdm.exe
    c:\windows\system32\TDSSarxx.dll
    c:\windows\system32\TDSSdxcp.dll
    c:\windows\system32\TDSSkkao.log
    c:\windows\system32\TDSSmtpw.dat
    c:\windows\system32\TDSSnmxh.log
    c:\windows\system32\TDSSnpur.dll
    c:\windows\system32\TDSSoitu.dll
    c:\windows\system32\TDSSsahc.dll
    c:\windows\system32\TDSSvoqm.dll
    c:\windows\system32\TDSSxhyf.log
    c:\windows\system32\uninstall.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSSERV.SYS
    -------\Legacy_TDSSSERV.SYS
    -------\Legacy_WINCOM32
    -------\Service_wincom32


    ((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
    .

    2008-12-01 16:48 . 2008-12-01 16:48 <DIR> d-------- C:\06afdcb8451b77f8cc09d09eadfab1
    2008-11-30 18:02 . 2008-11-30 18:02 <DIR> d-------- c:\documents and settings\Boss.BOSS\Application Data\.clamwin
    2008-11-30 18:01 . 2008-11-30 18:01 <DIR> d-------- c:\documents and settings\Boss.BOSS
    2008-11-30 10:23 . 2008-11-30 10:23 <DIR> d-------- c:\program files\AV
    2008-11-30 10:23 . 2008-11-30 10:23 <DIR> d-------- c:\documents and settings\All Users\.clamwin
    2008-11-30 10:23 . 2008-11-30 10:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\.clamwin
    2008-11-30 10:02 . 2008-11-30 10:02 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
    2008-11-30 09:43 . 2008-11-30 09:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\WinPatrol
    2008-11-30 09:38 . 2008-11-30 23:22 <DIR> d-------- C:\rsit
    2008-11-30 09:35 . 2008-12-01 15:45 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2008-11-30 09:29 . 2008-11-30 09:29 <DIR> d---s---- c:\documents and settings\Administrator\UserData
    2008-11-30 09:27 . 2008-11-30 10:11 <DIR> d-------- c:\program files\SW
    2008-11-30 09:27 . 2008-11-30 09:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-30 09:27 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-30 09:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-27 07:03 . 2008-11-27 07:03 <DIR> d-------- c:\program files\Trend Micro
    2008-11-22 09:56 . 2008-11-30 09:29 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-21 19:06 . 2008-07-18 22:09 1,811,656 --a------ c:\windows\system32\wuaueng.dll
    2008-11-21 19:06 . 2008-07-18 22:09 563,912 --a------ c:\windows\system32\wuapi.dll
    2008-11-21 19:06 . 2008-07-18 22:09 325,832 --a------ c:\windows\system32\wucltui.dll
    2008-11-21 19:06 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
    2008-11-21 19:06 . 2008-07-18 22:09 215,752 --a------ c:\windows\system32\wuaucpl.cpl
    2008-11-21 19:06 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
    2008-11-21 19:06 . 2008-07-18 22:09 205,000 --a------ c:\windows\system32\wuweb.dll
    2008-11-21 19:06 . 2008-07-18 22:10 94,920 --a------ c:\windows\system32\cdm.dll
    2008-11-21 19:06 . 2008-07-18 22:10 53,448 --a------ c:\windows\system32\wuauclt.exe
    2008-11-21 19:06 . 2008-07-18 22:10 45,768 --a------ c:\windows\system32\wups2.dll
    2008-11-21 19:06 . 2008-07-18 22:10 36,552 --a------ c:\windows\system32\wups.dll
    2008-11-18 18:11 . 2002-08-29 22:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
    2008-11-18 18:11 . 2002-08-29 22:00 4,224 --a------ c:\windows\system32\dllcache\beep.sys
    2008-11-12 18:29 . 2008-10-24 21:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 18:26 . 2008-09-05 03:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-04 07:18 . 2008-11-04 07:18 <DIR> d-------- c:\program files\WinAVI Video Converter
    2008-11-04 07:17 . 2008-11-04 07:17 3,082 --a------ c:\windows\system32\affv208325p1now.sys
    2008-11-01 15:50 . 2008-11-02 21:49 <DIR> d-------- c:\program files\BitTorrent

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-29 04:17 11,272,192 ----a-w c:\documents and settings\Boss\ntuser_RENAMED.dat
    2008-11-29 01:06 --------- d-----w c:\program files\Logitech
    2008-11-29 01:04 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-29 01:03 --------- d-----w c:\program files\epson
    2008-11-29 01:01 --------- d-----w c:\program files\BitZip
    2008-11-29 00:59 --------- d-----w c:\program files\Creative
    2008-11-28 23:58 2,600,960 ----a-w c:\documents and settings\AMBER\NTUSER_RENAMED.DAT
    2008-11-28 23:58 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-11-26 20:48 --------- d-----w c:\program files\NewsRover
    2008-11-05 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2008-10-25 22:10 --------- d-----w c:\program files\Common Files\Remote Control Software Common
    2008-10-25 22:09 --------- d-----w c:\program files\Common Files\Remote Control USB Driver
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-13 01:31 --------- d-----w c:\program files\iTunes
    2008-10-13 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-13 01:30 --------- d-----w c:\program files\QuickTime
    2008-10-13 01:30 --------- d-----w c:\program files\iPod
    2008-10-13 01:30 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-10-13 01:29 --------- d-----w c:\program files\Common Files\Apple
    2008-10-13 01:28 --------- d-----w c:\program files\Apple Software Update
    2008-10-13 01:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-10-02 20:52 2,875 ----a-w c:\windows\swn32reg.dll
    2008-10-01 03:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2008-01-10 12:26 92,064 ----a-w c:\documents and settings\Boss\mqdmmdm.sys
    2008-01-10 12:26 9,232 ----a-w c:\documents and settings\Boss\mqdmmdfl.sys
    2008-01-10 12:26 79,328 ----a-w c:\documents and settings\Boss\mqdmserd.sys
    2008-01-10 12:26 66,656 ----a-w c:\documents and settings\Boss\mqdmbus.sys
    2008-01-10 12:26 6,208 ----a-w c:\documents and settings\Boss\mqdmcmnt.sys
    2008-01-10 12:26 5,936 ----a-w c:\documents and settings\Boss\mqdmwhnt.sys
    2008-01-10 12:26 4,048 ----a-w c:\documents and settings\Boss\mqdmcr.sys
    2008-01-10 12:26 25,600 ----a-w c:\documents and settings\Boss\usbsermptxp.sys
    2008-01-10 12:26 22,768 ----a-w c:\documents and settings\Boss\usbsermpt.sys
    2003-09-05 06:16 57,344 ----a-w c:\program files\dvdrgn.exe
    2008-08-10 05:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081020080811\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol "= "c:\program files\SW\W_Patrol\winpatrol.exe" [2008-10-10 333120]
    "ClamWin "= "c:\program files\AV\bin\ClamTray.exe" [2008-11-09 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-03-24 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3 "= c:\windows\System32\ctmp3.acm
    "MSACM.CEGSM "= mobilev.acm
    "VIDC.ACDV "= ACDV.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
    R2 EPSON_PM_RPC_03;EPSON STM Service03;c:\windows\system32\E_SSRP03.EXE [2006-09-14 59904]
    R2 Pctspk;PCTEL Speaker Phone;c:\windows\system32\pctspk.exe [2003-03-07 86016]
    S3 Contddcnpor;Contddcnpor;c:\windows\system32\drivers\ati1xbxx.sys [2004-08-04 29455]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-02-13 17920]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-02-13 7680]
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;c:\windows\system32\DRIVERS\ptserlp.sys [2003-03-07 112574]
    S3 USBVSP;USBVSP;c:\windows\system32\drivers\Usbvsp.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-26 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
    - c:\program files\AdwareAlert\AdwareAlert.exe []

    2008-11-26 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
    - c:\program files\AdwareAlert []

    2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Boss.BOSS\Application Data\Mozilla\Firefox\Profiles\orktjq2p.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.brisbanetimes.com.au
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-01 23:29:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\NMSSvc.Exe
    c:\program files\Common Files\EPSON\EBAPI\SAgentNT.exe
    c:\program files\Common Files\EPSON\EBAPI\EBRR.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\locator.exe
    c:\program files\AV\bin\freshclam.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-01 23:32:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-01 13:32:09

    Pre-Run: 40,182,366,208 bytes free
    Post-Run: 40,425,869,312 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    199 --- E O F --- 2008-11-30 08:13:54
     
  11. 2008/12/01
    belgarath1960

    Dave - I also have a Malwarebytes logfile if you want to see it; it found some nasties, which I deleted. Now running the online scan from Kaspersky...
     
  12. 2008/12/01
    belgarath1960

    Can I presume maybe my PC is OK now? I'll do another RSIT scan and attach the logfile; I just don't want to go anywhere sensitive online before I know this thing is safe :) Thanks!
    >>
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Boss at 2008-12-02 11:13:29
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 42 GB (55%) free of 76 GB
    Total RAM: 1024 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:33 a.m., on 2/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\E_SSRP03.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\EBRR.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SW\W_Patrol\winpatrol.exe
    C:\Program Files\AV\bin\ClamTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Boss.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\SW\W_Patrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\AV\bin\ClamTray.exe" --logon
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O17 - HKLM\System\CS4\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON STM Service03 (EPSON_PM_RPC_03) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_SSRP03.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe

    --
    End of file - 3857 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"=C:\Program Files\SW\W_Patrol\winpatrol.exe [2008-10-10 333120]
    "ClamWin"=C:\Program Files\AV\bin\ClamTray.exe [2008-11-09 86016]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Bonjour Service"=2

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-12-17 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-01-16 335872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    ""=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 3 months======

    2008-12-02 10:32:08 ----SHD---- C:\RECYCLER
    2008-12-02 07:17:17 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Sun
    2008-12-02 05:48:41 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Malwarebytes
    2008-12-02 05:39:59 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\WinPatrol
    2008-12-01 23:32:15 ----D---- C:\WINDOWS\temp
    2008-12-01 23:32:14 ----A---- C:\ComboFix.txt
    2008-12-01 22:58:18 ----A---- C:\Boot.bak
    2008-12-01 22:58:13 ----RASHD---- C:\cmdcons
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\zip.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\sed.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\grep.exe
    2008-12-01 22:55:42 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-01 22:55:34 ----D---- C:\WINDOWS\ERDNT
    2008-12-01 22:55:34 ----D---- C:\Qoobox
    2008-12-01 22:55:33 ----D---- C:\nanoFix
    2008-12-01 17:00:56 ----HDC---- C:\WINDOWS\ie7
    2008-12-01 16:57:23 ----N---- C:\WINDOWS\system32\SETB8.tmp
    2008-12-01 16:57:23 ----N---- C:\WINDOWS\system32\SETB7.tmp
    2008-12-01 16:57:23 ----N---- C:\WINDOWS\system32\SETB0.tmp
    2008-12-01 16:57:22 ----N---- C:\WINDOWS\system32\SETC7.tmp
    2008-12-01 16:57:22 ----N---- C:\WINDOWS\system32\SETC1.tmp
    2008-12-01 16:57:22 ----N---- C:\WINDOWS\system32\SETBC.tmp
    2008-12-01 16:57:22 ----N---- C:\WINDOWS\system32\SETAE.tmp
    2008-12-01 16:57:21 ----N---- C:\WINDOWS\system32\SETCA.tmp
    2008-12-01 16:57:21 ----N---- C:\WINDOWS\system32\SETC2.tmp
    2008-12-01 16:57:21 ----N---- C:\WINDOWS\system32\SETBE.tmp
    2008-12-01 16:57:21 ----N---- C:\WINDOWS\system32\SETAD.tmp
    2008-12-01 16:57:20 ----N---- C:\WINDOWS\system32\SETAF.tmp
    2008-12-01 16:57:19 ----N---- C:\WINDOWS\system32\SETBF.tmp
    2008-12-01 16:48:11 ----D---- C:\06afdcb8451b77f8cc09d09eadfab1
    2008-12-01 16:38:59 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Mozilla
    2008-12-01 16:38:51 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-01 15:52:56 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Macromedia
    2008-12-01 15:52:56 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Adobe
    2008-11-30 18:02:31 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\.clamwin
    2008-11-30 18:01:56 ----D---- C:\Documents and Settings\Boss.BOSS\Application Data\Identities
    2008-11-30 18:01:36 ----SD---- C:\Documents and Settings\Boss.BOSS\Application Data\Microsoft
    2008-11-30 18:01:36 ----ASH---- C:\Documents and Settings\Boss.BOSS\Application Data\desktop.ini
    2008-11-30 10:23:06 ----D---- C:\Program Files\AV
    2008-11-30 10:02:28 ----D---- C:\Program Files\Microsoft Windows OneCare Live
    2008-11-30 09:38:49 ----D---- C:\rsit
    2008-11-30 09:35:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-11-30 09:27:14 ----D---- C:\Program Files\SW
    2008-11-30 09:27:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-27 07:03:46 ----D---- C:\Program Files\Trend Micro
    2008-11-21 19:06:12 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-11-21 19:06:12 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-11-21 19:06:10 ----A---- C:\WINDOWS\system32\wups.dll
    2008-11-21 19:06:09 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-11-21 19:06:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-11-21 19:06:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-11-21 19:06:06 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-11-21 19:06:03 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-11-15 17:08:44 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-12 21:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 21:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 21:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-04 07:18:16 ----D---- C:\Program Files\WinAVI Video Converter
    2008-11-01 15:50:39 ----D---- C:\Program Files\BitTorrent
    2008-10-26 08:10:02 ----D---- C:\Program Files\Common Files\Remote Control Software Common
    2008-10-26 08:09:39 ----D---- C:\Program Files\Common Files\Remote Control USB Driver
    2008-10-26 08:09:10 ----D---- C:\Program Files\Logitech
    2008-10-24 21:26:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-20 22:00:25 ----D---- C:\MOVIE FILES
    2008-10-15 17:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 17:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 17:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 17:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 17:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-13 11:31:27 ----A---- C:\WINDOWS\system32\GEARAspi.dll
    2008-10-13 11:30:56 ----D---- C:\Program Files\iPod
    2008-10-13 11:30:51 ----D---- C:\Program Files\iTunes
    2008-10-13 11:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-13 11:29:27 ----D---- C:\Program Files\QuickTime
    2008-10-13 11:29:24 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-10-13 11:28:54 ----D---- C:\Program Files\Apple Software Update
    2008-10-13 11:28:15 ----D---- C:\Program Files\Common Files\Apple
    2008-10-13 11:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
    2008-09-13 15:23:40 ----D---- C:\Program Files\Common Files\xing shared
    2008-09-10 06:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 06:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

    ======List of files/folders modified in the last 3 months======

    2008-12-02 11:13:31 ----D---- C:\WINDOWS\Prefetch
    2008-12-02 10:37:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-02 07:10:49 ----SD---- C:\WINDOWS\Tasks
    2008-12-01 23:32:17 ----D---- C:\WINDOWS\system32\drivers
    2008-12-01 23:32:17 ----D---- C:\WINDOWS\system32
    2008-12-01 23:32:15 ----D---- C:\WINDOWS
    2008-12-01 23:29:40 ----A---- C:\WINDOWS\system.ini
    2008-12-01 23:21:41 ----D---- C:\WINDOWS\system32\config
    2008-12-01 23:17:11 ----D---- C:\WINDOWS\AppPatch
    2008-12-01 23:17:11 ----D---- C:\Program Files\Common Files
    2008-12-01 23:16:24 ----RSD---- C:\WINDOWS\Fonts
    2008-12-01 23:14:42 ----D---- C:\WINDOWS\system
    2008-12-01 22:58:18 ----RASH---- C:\boot.ini
    2008-12-01 22:55:41 ----D---- C:\WINDOWS\system32\Restore
    2008-12-01 21:38:35 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-12-01 21:38:35 ----D---- C:\WINDOWS\Help
    2008-12-01 21:38:35 ----D---- C:\Program Files\Internet Explorer
    2008-12-01 17:01:48 ----D---- C:\WINDOWS\system32\en-US
    2008-12-01 17:01:45 ----D---- C:\WINDOWS\system32\CatRoot
    2008-12-01 17:01:42 ----HD---- C:\WINDOWS\inf
    2008-12-01 17:01:34 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-01 17:01:18 ----D---- C:\WINDOWS\WBEM
    2008-12-01 17:01:14 ----D---- C:\WINDOWS\Media
    2008-12-01 16:38:51 ----RD---- C:\Program Files
    2008-12-01 15:43:46 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-01 15:35:16 ----D---- C:\Program Files\WinZip
    2008-11-30 18:02:04 ----SHD---- C:\WINDOWS\Installer
    2008-11-30 18:02:04 ----HD---- C:\Config.Msi
    2008-11-30 18:01:59 ----A---- C:\WINDOWS\OEWABLog.txt
    2008-11-30 18:01:35 ----D---- C:\Documents and Settings
    2008-11-30 17:55:00 ----A---- C:\WINDOWS\win.ini
    2008-11-30 17:13:26 ----D---- C:\WINDOWS\Downloaded Installations
    2008-11-30 17:09:23 ----D---- C:\Temp
    2008-11-29 12:30:25 ----D---- C:\WINDOWS\network diagnostic
    2008-11-29 11:25:41 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-29 11:11:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-11-29 11:10:06 ----D---- C:\WINDOWS\ie7updates
    2008-11-29 11:10:06 ----A---- C:\WINDOWS\imsins.BAK
    2008-11-29 11:04:05 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-29 11:03:00 ----D---- C:\Program Files\epson
    2008-11-29 11:01:25 ----D---- C:\Program Files\BitZip
    2008-11-29 10:59:29 ----D---- C:\Program Files\Creative
    2008-11-29 09:58:53 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-11-29 08:49:53 ----A---- C:\WINDOWS\{00000002-00000000-0000000A-00001102-00000002-80651102}.BAK
    2008-11-28 23:02:16 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-27 06:48:51 ----A---- C:\WINDOWS\NewsRover.INI
    2008-11-27 06:48:48 ----D---- C:\Program Files\NewsRover
    2008-11-26 21:37:44 ----D---- C:\WINDOWS\pss
    2008-11-26 07:45:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-26 07:36:15 ----RSD---- C:\WINDOWS\assembly
    2008-11-26 07:36:15 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-26 07:34:03 ----D---- C:\WINDOWS\WinSxS
    2008-11-26 07:32:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-26 06:55:01 ----A---- C:\WINDOWS\setuplog.txt
    2008-11-26 06:54:50 ----A---- C:\WINDOWS\system32\wpa.bak
    2008-11-18 09:14:04 ----D---- C:\WINDOWS\Drivers
    2008-11-06 09:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-11-04 10:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 06:18:05 ----D---- C:\WINDOWS\system32\wbem
    2008-10-16 02:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-11 10:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-10-03 06:52:02 ----A---- C:\WINDOWS\swn32reg.dll
    2008-09-27 09:48:01 ----A---- C:\WINDOWS\cdplayer.ini
    2008-09-20 09:08:54 ----D---- C:\Program Files\Common Files\ACD Systems
    2008-09-20 09:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-09-14 16:19:24 ----D---- C:\Program Files\TengScribe
    2008-09-13 15:23:30 ----D---- C:\Program Files\Common Files\Real
    2008-09-13 15:23:22 ----A---- C:\WINDOWS\system32\rmoc3260.dll
    2008-09-13 15:23:09 ----A---- C:\WINDOWS\system32\pndx5032.dll
    2008-09-13 15:23:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\pncrt.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\msvcr71.dll
    2008-09-13 15:23:04 ----A---- C:\WINDOWS\system32\msvcp71.dll
    2008-09-13 15:22:55 ----D---- C:\Program Files\Real
    2008-09-10 11:14:56 ----N---- C:\WINDOWS\system32\msxml6.dll
    2008-09-05 03:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2006-01-17 29440]
    R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-01-17 32640]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-12-17 1918464]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2006-01-17 102016]
    S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-04-05 88320]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-04-05 69472]
    S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
    S3 catchme;catchme; \??\C:\nanoFix\catchme.sys []
    S3 Contddcnpor;Contddcnpor; C:\WINDOWS\system32\drivers\ati1xbxx.sys [2004-08-04 29455]
    S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [2008-04-14 59136]
    S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
    S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-01-16 666109]
    S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
    S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
    S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-12-06 6400]
    S3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 112574]
    S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
    S3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\symevent.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
    S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
    S3 USBVSP;USBVSP; C:\WINDOWS\system32\drivers\Usbvsp.sys []
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-12-17 434176]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
    R2 EPSON_PM_RPC_03;EPSON STM Service03; C:\WINDOWS\system32\E_SSRP03.EXE [1999-10-29 59904]
    R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2006-01-16 878592]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-03-04 1118208]
    R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
    R2 StatusAgent;Epson Printer Status Agent; C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe [2000-03-13 213504]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-20 654848]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

    -----------------EOF-----------------
     
  13. 2008/12/01
    belgarath1960

    Sorry - another addition - when I post here I now get Firefox hanging with a blank screen but the WindowsBBS address still in the title bar, with a note in the bottom left saying something about 'reading ad' something-or-other, and from other sites (e.g. pctools) referrals to 'google-analytics', as if info is being passed to some kind of tracking site... or am I now just getting too paranoid and need a cuppa and a lie-down...? :)
     
  14. 2008/12/01
    belgarath1960

    It did it again; this time I paid attention - the word 'context' flashed in, then ads.infinisource.com, and a blank screen.
     
  15. 2008/12/01
    noahdfear

    Those are the ads on this site loading. No worries. ;)
    Your logs look clean, but please post the MBAM and Kaspersky logs too.
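What "clean" means when a helper reads a HijackThis log, as an added example that is not part of this thread and not HijackThis code: the script below applies the checks a reviewer runs by eye over the O4, O17, O23 and R1 lines and returns only the entries that deserve a second look. Its rules are assumptions for a home XP box (DNS servers on the LAN, autostart and service binaries under C:\WINDOWS or C:\Program Files, IE start and search pages on microsoft.com). The sample input reuses lines from the log posted above plus two constructed lines, the `[update]` Run entry and the 203.0.113.x name servers (documentation addresses, not real servers), so the flagging path is exercised.

```python
"""Triage a HijackThis (HJT) log the way a removal-forum helper reads one.

Added example, not HijackThis code. Rules are reviewer assumptions for a
home XP box: O17 DNS servers in RFC 1918/loopback space, O4 autostarts and
O23 services under Windows or Program Files ("(no file)" = orphaned
registration), R1 IE start/search URLs on Microsoft hosts. Everything
else is returned for manual review, not declared malicious.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: behind a home router, so DNS should be on the LAN or loopback.
LAN_DNS = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumption: default XP install paths (compared case-insensitively).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
# Assumption: hosts an unmodified IE7 points its R1 URLs at.
EXPECTED_R1_HOSTS = ("microsoft.com",)

O4_RUN_RE = re.compile(r"^O4 - .*?Run: \[[^\]]*\] (.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: .+? = (.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
R1_RE = re.compile(r"^R1 - .*? = (\S+)")


def exe_path(command):
    """Lower-cased executable from a Run command line, quoted or bare
    ('"C:\\dir\\x.exe" --arg' or 'C:\\dir\\x.exe -arg (User ...)')."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)].lower()
    m = re.match(r"(.+?\.exe)", command, re.I)
    return (m.group(1) if m else command).lower()


def under_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIRS)


def expected_host(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_R1_HOSTS)


def triage(log_text):
    """Return [(section, reason, line), ...] for entries needing a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        if section == "O17":
            m = O17_RE.match(line)
            if m:
                servers = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
                bad = [s for s in servers
                       if not any(ipaddress.ip_address(s) in net for net in LAN_DNS)]
                if bad:
                    findings.append((section, "DNS server(s) outside the LAN: " + ", ".join(bad), line))
        elif section == "O4":
            m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
            if m and not under_trusted_dir(exe_path(m.group(1))):
                findings.append((section, "autostart binary outside Windows/Program Files", line))
        elif section == "O23":
            target = line.rsplit(" - ", 1)[-1]
            if target == "(no file)":
                findings.append((section, "service registered but its binary is missing", line))
            elif not under_trusted_dir(target):
                findings.append((section, "service binary outside Windows/Program Files", line))
        elif section == "R1":
            m = R1_RE.match(line)
            if m:
                host = urlparse(m.group(1)).hostname or ""
                if not expected_host(host):
                    findings.append((section, "IE start/search URL points at " + host, line))
    return findings


# Sample input: lines copied from the HijackThis log posted above, plus two
# constructed lines (the [update] Run entry and the 203.0.113.x name servers,
# which are documentation addresses) to show what a hijack would look like.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\SW\W_Patrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\AV\bin\ClamTray.exe" --logon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - HKCU\..\Run: [update] C:\Documents and Settings\Boss\Local Settings\Temp\update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 10.1.1.1,10.1.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{42E395B6-4585-4067-A7F8-4A403E7ABE9B}: NameServer = 203.0.113.5,203.0.113.6
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run as-is it reports three items: the aawservice entry whose binary is missing, and the two constructed lines. Every line copied from the real log passes, which is the conclusion the helper reached; a flagged entry is a prompt to look up the file or address, not a verdict.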
     
  16. 2008/12/02
    belgarath1960

    Thanks :) Here's the Kaspersky logfile, although it was done earlier today, prior to a Malwarebytes & Spyware Doctor scan, which each deleted several nasties. It seems every time a scan is done by a different engine more stuff is picked up. I have the full version of Spyware Doctor installed and operating now, as well as WinPatrol. Just have to find & install a decent antivirus. I'll upload the MBAM log after this...
    >>
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, December 2, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, December 01, 2008 18:39:03
    Records in database: 1429900
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 98054
    Threat name: 9
    Infected objects: 9
    Suspicious objects: 0
    Duration of the scan: 02:32:44


    File name / Threat name / Threats count
    C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.Agent.ei 1
    C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.ko 1
    C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareStop.jt 1
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmxwt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnpur.dll.vir Infected: Rootkit.Win32.Clbd.lc 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitu.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoqm.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

    The selected area was scanned.
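    Reading the report above as a defender, the useful split is between files still live on disk (setupxv.exe and RealBar.dll) and copies that ComboFix had already moved into C:\Qoobox\Quarantine, which are neutralised and only need the quarantine folder cleaned up. The following is an added example, not code from this thread or from Kaspersky: a small Python parser that makes that split, groups the three names Kaspersky gave setupxv.exe, and uses the "not-a-virus:" prefix to separate riskware from real malware. The sample lines are copied from the report above; the quarantine prefix list is an assumption covering only the ComboFix folder seen here.

```python
import re
from collections import defaultdict

# Constructed sample: the nine detection lines from the Kaspersky report quoted above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.Agent.ei 1
C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.ko 1
C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareStop.jt 1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmxwt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSarxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnpur.dll.vir Infected: Rootkit.Win32.Clbd.lc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoitu.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvoqm.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
"""

# Folders whose contents are already neutralised copies. The ComboFix quarantine is
# the only one in this report (assumption: extend the tuple for other tools).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

# One detection per line: "<path, may contain spaces> Infected: <threat name> <count>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

def parse_detections(report_text):
    """Yield (path, threat, count) for every detection line; other lines are skipped."""
    for line in report_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("threat"), int(m.group("count"))

def is_quarantined(path):
    """True when the file sits inside a known quarantine folder (case-insensitive)."""
    p = path.lower()
    return any(p.startswith(prefix) for prefix in QUARANTINE_PREFIXES)

def severity(threat):
    """Kaspersky prefixes adware/riskware with 'not-a-virus:'; everything else is malware."""
    return "riskware" if threat.startswith("not-a-virus:") else "malware"

def triage(report_text):
    """Group threat names per file and split files into live vs already-quarantined."""
    per_file = defaultdict(list)
    for path, threat, _count in parse_detections(report_text):
        per_file[path].append(threat)
    return {
        "live": {p: t for p, t in per_file.items() if not is_quarantined(p)},
        "quarantined": {p: t for p, t in per_file.items() if is_quarantined(p)},
    }
```

For this report, triage(SAMPLE_REPORT)["live"] holds the two files that still need action, and the five TDSS entries land in "quarantined".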
     
  17. 2008/12/02
    belgarath1960 Inactive Thread Starter
    This one is a fresh scan with MBAM, although just a quick scan -
    >>
    Malwarebytes' Anti-Malware 1.30
    Database version: 1306
    Windows 5.1.2600 Service Pack 3

    2/12/2008 5:41:16 p.m.
    mbam-log-2008-12-02 (17-41-16).txt

    Scan type: Quick Scan
    Objects scanned: 64407
    Time elapsed: 8 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  18. 2008/12/02
    noahdfear Inactive
    Delete the following file then empty the recycle bin.

    C:\Documents and Settings\Boss\My Documents\Downloads\setupxv.exe

    Let me know if your computer is behaving properly, and if so we'll cleanup.
     
  19. 2008/12/03
    belgarath1960 Inactive Thread Starter
    Done. My PC seems OK with regard to the Web, links and google etc. My preferences seem to have been hijacked along the way though - when I log in as BOSS my settings and docs are pointing at another folder called Boss.BOSS. This means I can't see my old Outlook folders, or see my old shortcuts in a browser, etc. Is there an easy way to rectify this or is it something for another thread? The BOSS folder with all my old docs etc is still there on the C drive. Cheers :)
     
  20. 2008/12/04
    noahdfear Inactive
    Suggests that you did a repair installation of Windows. Please click here and click Open to run profiles.exe, which will produce a text file that I need posted back here. You may save the file to your drive and run it from there if you prefer.
     
  21. 2008/12/04
    belgarath1960 Inactive Thread Starter
    Thanks :) Here's the result>>
    DefaultUserProfile REG_SZ Default User
    AllUsersProfile REG_SZ All Users
    ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Boss.BOSS
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Marg
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\AMBER
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest
    SystemRoot REG_SZ C:\WINDOWS
     