Hi,
Sorry about the MBAM. I disabled my antivirus prior to running ComboFix, but when ComboFix rebooted the system, the antivirus started again. I don't know if that makes a difference or not.
Here is the ComboFix log:
ComboFix 09-04-04.01 - Owner 2009-04-12 1:45:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.190.38 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090411-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\facosuk._dl
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\jatisuh.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\uhocyhi.vbs
c:\windows\jestertb.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 01:37 . 2009-04-12 01:38 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-04-11 01:36 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 01:36 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-11 01:35 . 2009-04-11 01:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 01:05 . 2009-04-11 01:04 410,984 --a------ c:\windows\system32\deploytk.dll
2009-04-10 10:03 . 2009-04-10 10:04 <DIR> d-------- C:\rsit
2009-04-10 10:03 . 2009-04-11 12:45 <DIR> d-------- c:\program files\trend micro
2009-04-10 02:38 . 2009-04-10 02:38 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-04-10 00:39 . 2009-04-10 02:38 <DIR> d-------- c:\program files\Common Files\Agnitum Shared
2009-04-10 00:39 . 2009-04-10 00:39 <DIR> d-------- c:\program files\Agnitum
2009-04-09 01:14 . 2009-04-09 01:14 <DIR> d-------- c:\program files\Alwil Software
2009-04-08 21:32 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-04-08 21:31 . 2009-04-10 01:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\HouseCall 6.6
2009-04-08 01:05 . 2009-04-08 01:15 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb
2009-04-08 00:46 . 2009-04-08 00:46 61,440 --a------ c:\windows\system32\drivers\bvaippcd.sys
2009-04-07 23:57 . 2009-04-07 23:57 61,440 --a------ c:\windows\system32\drivers\xlnrf.sys
2009-04-03 00:22 . 2009-04-03 00:59 <DIR> d-------- C:\DVDs
2009-03-19 01:00 . 2009-03-19 01:00 <DIR> d-------- c:\program files\audible
2009-03-12 16:21 . 2005-04-27 16:36 245,408 --a------ c:\windows\system32\unicows.dll
2009-03-12 16:13 . 2009-03-12 16:13 <DIR> d-------- c:\program files\OVT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 05:04 --------- d-----w c:\program files\Java
2009-04-08 03:57 248 ----a-w c:\program files\qnfvq.txt
2009-04-07 01:57 --------- d-----w c:\program files\Trillian
2009-04-03 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-20 05:19 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-12 20:21 --------- d-----w c:\documents and settings\Owner\Application Data\ArcSoft
2009-03-12 20:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 20:20 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-15 21:07 --------- d-----w c:\program files\iTunes
2009-02-15 21:07 --------- d-----w c:\program files\iPod
2009-02-15 21:07 --------- d-----w c:\program files\Common Files\Apple
2009-02-15 21:07 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-15 21:04 --------- d-----w c:\program files\Bonjour
2009-02-15 21:03 --------- d-----w c:\program files\QuickTime
2009-02-15 21:00 --------- d-----w c:\program files\Apple Software Update
2008-12-30 06:58 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2008-11-04 11:03 19,490 ----a-w c:\program files\Common Files\ykinibed.pif
2008-11-04 11:03 17,693 ----a-w c:\documents and settings\All Users\Application Data\ajiseny.com
2008-11-04 11:03 17,343 ----a-w c:\documents and settings\Owner\Application Data\dape.dat
2008-11-04 11:03 13,563 ----a-w c:\program files\Common Files\cehucop.com
2008-08-14 06:01 354 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-12-19 07:25 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121920081220\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,186,816 2007-06-01 22:59:28 c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft\MEDIC\Owner\exec\bak\SSGet.exe
----a-r 313,472 2006-03-30 20:45:08 c:\program files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 67,112 2006-08-01 19:35:36 c:\program files\AIM\bak\aim.exe
----a-w 42,032 2007-05-25 17:16:08 c:\program files\Common Files\AOL\1141433867\EE\bak\AOLSoftware.exe
----a-r 71,216 2006-10-23 12:50:37 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
----a-w 1,193,472 2007-05-02 18:12:48 c:\program files\Common Files\TiVo Shared\Transfer\bak\TiVoTransfer.exe
----a-w 1,195,008 2007-09-25 15:33:52 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
----a-w 32,768 2005-01-12 11:01:32 c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
----a-w 257,088 2007-06-01 20:51:26 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 290,088 2009-01-06 18:06:36 c:\program files\iTunes\iTunesHelper.exe
----a-w 132,496 2007-09-25 05:11:35 c:\program files\Java\jre1.6.0_03\bin\bak\jusched.exe
----a-w 192,512 2006-12-28 00:04:14 c:\program files\MEDIC\bin\bak\sprtcmd.exe
----a-w 282,624 2007-04-27 13:41:54 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2009-01-05 21:18:48 c:\program files\QuickTime\QTTask.exe
----a-w 737,370 2005-10-07 21:52:52 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 373,760 2007-05-02 18:13:12 c:\program files\TiVo\Desktop\bak\TiVoNotify.exe
----a-w 384,000 2007-09-25 15:34:16 c:\program files\TiVo\Desktop\TiVoNotify.exe
----a-w 1,463,296 2007-05-02 18:14:38 c:\program files\TiVo\Desktop\bak\TiVoServer.exe
----a-w 1,495,040 2007-09-25 15:35:44 c:\program files\TiVo\Desktop\TiVoServer.exe
----a-w 15,360 2004-08-04 19:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe
----a-w 98,304 2005-02-07 19:00:00 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Download"="c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft\medic\Owner\exec\SSGet.exe 120
http://medic.rr.com/sdccommon/download/medic6.exe medic6.exe" [N/A]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-09-25 1195008]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2007-09-25 384000]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2007-09-25 1495040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [N/A]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-02-22 72192]
"Ovt Wia"="c:\windows\OV550EM.exe" [2008-01-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 c:\windows\system32\VTTrayp.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 c:\windows\AGRSMMSG.exe]
"NWEReboot"="" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EZ VHS Converter Monitor.lnk
backup=c:\windows\pss\EZ VHS Converter Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
c:\program files\AIM6\aim6.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-25 22:30 50776 c:\program files\America Online 9.0\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
c:\program files\Common Files\AOL\ACS\AOLDial.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-02-22 10:33 72192 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
c:\program files\Common Files\AOL\1141433867\ee\AOLSoftware.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\progra~1\mcafee.com\agent\mcagent.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\progra~1\mcafee.com\agent\McUpdate.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
c:\program files\Common Files\AOL\1141433867\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141433867\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-09 20560]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\ov550i.sys [2006-07-31 580992]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);c:\windows\system32\drivers\pc22nd5.sys [2001-11-09 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;c:\windows\system32\drivers\pc22unic.sys [2007-02-10 69744]
--- Other Services/Drivers In Memory ---
*Deregistered* - aawservice
*Deregistered* - ACDaemon
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - PrismXL
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - ultra
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - wanatw
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce68955d-282b-11dc-a525-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://broadband.zoomtown.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-12 01:59:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2521510198-3322848125-1383142349-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2521510198-3322848125-1383142349-1003\Software\SecuROM\License information*]
"datasecu"=hex:45,08,0f,45,8e,fc,80,01,a6,2c,a8,74,39,22,b4,7c,f3,6b,79,e5,d9,
cd,cf,e2,fd,ec,36,6c,88,1f,d4,5b,bf,ed,c7,90,9e,1c,61,1b,a6,38,d5,21,94,26,\
"rkeysecu"=hex:1f,e9,38,71,c5,7f,22,f2,c3,41,e9,bb,54,0e,3f,c4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3620)
c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\combofix\hidec.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2009-04-12 2:13:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 06:12:10
Pre-Run: 6,015,963,136 bytes free
Post-Run: 6,146,899,968 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
321 --- E O F --- 2009-03-18 07:04:14
and here is the HijackThis log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-04-12 02:25:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (11%) free of 53 GB
Total RAM: 190 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:10 AM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://broadband.zoomtown.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV550EM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Download] "C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\medic\Owner\exec\SSGet.exe" 120 "
http://medic.rr.com/sdccommon/download/medic6.exe" "medic6.exe" Log ""
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://activation.rr.com/install/downloads/tgctlcm.cabO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://support.gateway.com/support/profiler/PCPitStop.CABO16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229666954500O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
http://mediaplayer.walmart.com/installer/install.cabO16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -
http://support.gateway.com/support/serialharvest/gwCID.CABO16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) -
http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocxO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8633 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-11 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-01 163840]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-14 88203]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-11 148888]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 EPSON Stylus CX3800 Series /O6 USB002 /M Stylus CX3800 []
"NWEReboot"= []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]
"Ovt Wia"=C:\WINDOWS\OV550EM.exe [2008-01-28 36864]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []
"Download"=C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft\medic\Owner\exec\SSGet.exe 120
http://medic.rr.com/sdccommon/download/medic6.exe medic6.exe Log []
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2007-09-25 1195008]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2007-09-25 384000]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2007-09-25 1495040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-25 50776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-02-22 72192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1141433867\ee\AOLSoftware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Run []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
C:\Program Files\Common Files\AOL\1141433867\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ VHS Converter Monitor.lnk]
C:\PROGRA~1\ION\EZVHSC~1\MEDIAT~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA.EXE [1997-07-11 51984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2
"AOL ACS"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1141433867\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1141433867\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce68955d-282b-11dc-a525-00038a000015}]
shell\AutoRun\command - F:\Installer.exe
======File associations======
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-04-12 02:13:55 ----A---- C:\ComboFix.txt
2009-04-12 01:43:53 ----A---- C:\Boot.bak
2009-04-12 01:43:43 ----RASHD---- C:\cmdcons
2009-04-12 01:38:32 ----A---- C:\WINDOWS\zip.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\VFIND.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\SWSC.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\SWREG.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\sed.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\grep.exe
2009-04-12 01:38:32 ----A---- C:\WINDOWS\fdsv.exe
2009-04-12 01:38:20 ----D---- C:\WINDOWS\ERDNT
2009-04-12 01:38:16 ----D---- C:\ComboFix
2009-04-12 01:37:46 ----D---- C:\Qoobox
2009-04-12 01:37:15 ----D---- C:\32788R22FWJFW.0.tmp
2009-04-11 01:35:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-11 01:05:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-11 01:05:34 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-11 01:05:33 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-11 01:05:33 ----A---- C:\WINDOWS\system32\java.exe
2009-04-10 10:03:10 ----D---- C:\Program Files\trend micro
2009-04-10 10:03:00 ----D---- C:\rsit
2009-04-10 02:38:49 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-04-10 00:39:54 ----D---- C:\Program Files\Common Files\Agnitum Shared
2009-04-10 00:39:40 ----D---- C:\Program Files\Agnitum
2009-04-09 01:14:16 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-09 01:14:09 ----D---- C:\Program Files\Alwil Software
2009-04-08 21:31:57 ----D---- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2009-04-08 00:46:29 ----A---- C:\wueseed.txt
2009-04-07 23:57:19 ----A---- C:\Program Files\qnfvq.txt
2009-04-03 00:22:55 ----D---- C:\DVDs
2009-03-19 01:00:19 ----D---- C:\Program Files\audible
======List of files/folders modified in the last 1 months======
2009-04-12 02:14:20 ----D---- C:\WINDOWS\Temp
2009-04-12 02:14:20 ----D---- C:\WINDOWS\system32
2009-04-12 02:14:20 ----D---- C:\WINDOWS\Prefetch
2009-04-12 02:14:19 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 02:14:01 ----D---- C:\WINDOWS
2009-04-12 02:08:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-12 02:03:29 ----A---- C:\WINDOWS\system.ini
2009-04-12 01:50:19 ----D---- C:\WINDOWS\system32\config
2009-04-12 01:47:30 ----D---- C:\WINDOWS\AppPatch
2009-04-12 01:47:24 ----D---- C:\Program Files\Common Files
2009-04-12 01:43:53 ----RASH---- C:\boot.ini
2009-04-12 01:42:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-11 01:35:57 ----RD---- C:\Program Files
2009-04-11 01:05:58 ----SHD---- C:\WINDOWS\Installer
2009-04-11 01:05:57 ----HD---- C:\Config.Msi
2009-04-11 01:04:25 ----D---- C:\Program Files\Java
2009-04-08 00:46:13 ----RSD---- C:\WINDOWS\Fonts
2009-04-06 21:57:01 ----D---- C:\Program Files\Trillian
2009-04-05 12:24:33 ----D---- C:\WINDOWS\system32\Macromed
2009-04-05 02:39:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-05 02:39:50 ----HD---- C:\WINDOWS\inf
2009-04-04 20:50:07 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2009-04-03 00:22:22 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-03-23 00:25:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-20 01:19:55 ----HD---- C:\Documents and Settings\Owner\Application Data\Move Networks
2009-03-13 23:29:16 ----D---- C:\WINDOWS\Minidump
2009-03-13 23:09:54 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-03-03 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-16 8413]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-10-14 1121472]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2008-05-14 308992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-07 191872]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-21 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-12-27 247040]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R4 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 APL531;CRS Photo Scanner; C:\WINDOWS\System32\Drivers\ov550i.sys [2006-07-31 580992]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS); C:\WINDOWS\system32\DRIVERS\pc22nd5.sys [2001-11-09 17648]
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver; C:\WINDOWS\system32\DRIVERS\pc22unic.sys [2001-11-08 69744]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-27 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS_XP;Westell USB Network Interface; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2; C:\WINDOWS\system32\DRIVERS\USB200M2.sys [2005-04-21 18048]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VCR2PC;VCR2PC Analog Capture; C:\WINDOWS\system32\DRIVERS\0140_ION.sys [2008-05-08 277888]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-04 611664]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-02-22 104960]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-11 152984]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-03-03 172032]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 867328]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
-----------------EOF-----------------
