Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 11-07-2008, 01:56 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Trying to access malware infected drive

Hello, I believe (know) that my XP Home system security was compromised and the symptoms initially were Explorer crashes and restarts, desktop and toolbars vanish and reappear and regedit is disabled. Also the Kaspersky Internet Security signature update has been blocked and svchost connections multiply rapidly (still have access to Task Manager but most programs that are opened disappear / crash so it's difficult to run anything at present). I have removed the HDDs and docked them to a laptop via USB, disabling autorun prior to plugging them in, so that I could scan them. SuperAntiSpyware running on the laptop detected over 300 problems during its scan, and invoked AVG to identify more than 12 trojans / worms including 3 Vundo variants and a couple of rootkits. These were cleaned from the HDDs but I am now worried that there are registry entries that will bring them back if I boot the drives up again in the original system. Where do I go from here? Thanks.
DarkMagician66 is offline  
Old 11-09-2008, 09:33 AM   #2 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

I have accessed the drives in safe mode but cannot update XP via Microsoft Update - here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:09, on 09/11/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {75f5e048-3311-4347-acff-8b26fbd47309} - C:\WINDOWS\system32\vtUlKBQH.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jsd72hf4t.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - C:\WINDOWS\system32\jsd72hf4t.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [CreativeMouse] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143679318\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [lphce3wj0e9at] C:\WINDOWS\System32\lphce3wj0e9at.exe
O4 - HKCU\..\Run: [AWMON] C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
O4 - HKCU\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKCU\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKCU\..\Run: [CreativeMouse] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKCU\..\Run: [kis] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memeo AutoBackup Pro Launcher.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: RAID Manager.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: 192.168.2.1
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O20 - Winlogon Notify: wvUlmkJc - wvUlmkJc.dll (file missing)
O20 - Winlogon Notify: xnrtza - xnrtza.dll (file missing)
O22 - SharedTaskScheduler: lksdfj98w3rmsekfnaui3rgfdgf - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsd72hf4t.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FCI (fci) - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 9334 bytes
DarkMagician66 is offline  
Old 11-10-2008, 06:48 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Trying to access malware infected drive

Hello DarkMagician66,

Download dds.scr and save it to your desktop.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================

1. Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.


2. Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the contents of the following in your next reply:

dds.txt

Attach the following reports to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

gmer.txt
Attach.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-11-2008, 11:54 AM   #4 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

Update: I have managed to access the HDD normally and the system appears reasonably stable and has updated itself via Windows Update. Here is the DDS info...

DDS (Version 1.0) - NTFSx86
Run by Dave at 19:44:28.40 on 11/11/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1204 [GMT 0:00]

=============== Created Last 30 ================

2008-11-11 19:40 <DIR> --d----- c:\windows\LastGood
2008-11-11 19:25 <DIR> --d----- c:\windows\Prefetch
2008-11-11 00:37 7,208 -------- c:\windows\system32\secupd.sig
2008-11-11 00:37 4,569 -------- c:\windows\system32\secupd.dat
2008-11-11 00:37 23,024 a------- c:\windows\system32\ieuinit.inf
2008-11-11 00:15 1,082,368 a------- c:\windows\system32\esent.dll
2008-11-11 00:08 <DIR> --d----- C:\Kontiki
2008-11-10 22:39 351,232 a------- c:\windows\system32\winhttp.dll
2008-11-10 22:39 18,944 a------- c:\windows\system32\qmgrprxy.dll
2008-11-10 21:44 250 a------- c:\windows\gmer.ini
2008-11-09 23:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-09 23:35 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-09 23:35 <DIR> --d----- c:\docume~1\dave\applic~1\SUPERAntiSpyware.com
2008-11-09 17:21 <DIR> --d----- c:\program files\Trend Micro
2008-11-09 17:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-04 22:43 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-10-13 21:56 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2008-10-13 21:55 <DIR> --d----- c:\docume~1\dave\applic~1\HouseCall 6.6
2008-10-13 21:44 215,752 a------- c:\windows\system32\wuaucpl.cpl

================== Find3M ==================

2008-11-11 19:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2008-11-11 01:15 <DIR> --d----- c:\program files\Windows NT
2008-10-16 00:11 789,662 a--sh--- c:\windows\system32\HQBKlUtv.ini2
2008-10-13 21:44 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-10-06 10:04 23,348 ac------ c:\windows\system32\emptyregdb.dat
2008-10-01 19:51 <DIR> --d----- c:\program files\RegCure
2008-09-30 06:24 <DIR> --d----- c:\docume~1\dave\applic~1\LimeWire
2008-09-30 06:20 <DIR> --d----- c:\program files\Incomplete
2008-09-30 06:20 <DIR> --d----- c:\program files\LimeWire
2008-09-28 22:57 16,608 a------- c:\windows\gdrv.sys
2008-09-24 20:37 <DIR> --d----- c:\program files\Gigabyte
2008-09-24 20:36 <DIR> --d----- c:\program files\DIFX
2008-09-24 20:35 <DIR> --d----- c:\program files\AMD
2008-09-24 20:29 <DIR> --d----- c:\program files\ATI Technologies
2008-06-11 18:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-06-03 22:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sky
2008-05-24 07:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-05-21 23:11 <DIR> --d----- c:\docume~1\dave\applic~1\SpywareStop
2008-04-25 01:39 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\Memeo
2008-04-20 12:58 <DIR> --d----- c:\docume~1\dave\applic~1\EPSON
2008-04-17 22:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AOL
2008-03-02 23:44 <DIR> --d----- c:\docume~1\dave\applic~1\ZipGenius
2008-02-19 06:25 <DIR> --d----- c:\docume~1\dave\applic~1\TomTom
2008-01-19 00:04 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\Seagate
2007-11-19 23:59 <DIR> --d----- c:\docume~1\dave\applic~1\ATI
2007-11-13 22:04 <DIR> --d----- c:\docume~1\dave\applic~1\Sony
2007-11-13 22:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony
2007-11-13 21:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BVRP Software
2007-10-29 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tanagra
2007-10-18 20:09 <DIR> --d----- c:\docume~1\dave\applic~1\Azureus
2007-08-25 11:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2007-07-14 13:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2007-04-12 21:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative
2007-03-04 15:21 <DIR> --d----- c:\docume~1\dave\applic~1\Creative
2007-02-10 10:18 <DIR> --d----- c:\docume~1\dave\applic~1\TuneUp Software
2007-02-10 10:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2007-02-09 23:20 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
2007-02-01 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TomTom
2006-12-11 23:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AOL Downloads
2006-12-07 11:14 <DIR> --d----- c:\docume~1\dave\applic~1\AOL
2006-10-28 01:02 <DIR> --d----- c:\docume~1\dave\applic~1\DivX
2006-08-28 23:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers Headquarters
2006-06-24 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2006-06-04 11:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2006-06-04 11:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2006-04-23 14:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead
2006-03-31 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Windows Genuine Advantage
2006-03-26 17:17 <DIR> --d----- c:\docume~1\dave\applic~1\You've Got Pictures Screensaver
2006-03-26 15:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2006-03-21 20:41 <DIR> --d----- c:\docume~1\dave\applic~1\Logitech
2006-03-20 06:55 <DIR> --d----- c:\docume~1\dave\applic~1\Symantec
2008-08-04 21:00 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-08-04 21:00 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-08-04 21:00 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: {75f5e048-3311-4347-acff-8b26fbd47309} - c:\windows\system32\vtUlKBQH.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: {F2CF5485-4E02-4F68-819C-B92DE9277049} - c:\windows\system32\ieframe.dll
uRun: [AWMON] c:\progra~1\lavasoft\ad-awa~1\Ad-Watch.exe
uRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
uRun: [M1000Mnt] M1000Rmv.exe /StartStillMnt
uRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
uRun: [EPSON Stylus Photo RX520 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
uRun: [CreativeMouse] c:\program files\mouse driver\MouseDrv.exe
uRun: [kis] c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [kis] "c:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe"
mRun: [CreativeMouse] c:\program files\mouse driver\MouseDrv.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] c:\program files\common files\aol\1143679318\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [M1000Mnt] M1000Rmv.exe /StartStillMnt
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Jnskdfmf9eldfd] c:\windows\temp\csrssc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\raid manager.lnk - c:\program files\ite\ite it8212 ata raid controller\RaidMgr.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-system: DisableTaskMgr = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoResolveSearch = 1 (0x1)
mPolicies-system: DisableTaskMgr = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: NoDispBackgroundPage = 1 (0x1)
dPolicies-system: NoDispScrSavPage = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Add to Kaspersky Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 6.0\\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 6.0\scieplugin.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
Handler: AutorunsDisabled\bw+0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw+0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw-0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw-0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw00 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw00s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw10 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw10s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw20 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw20s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw30 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw30s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw40 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw40s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw50 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw50s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw60 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw60s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw70 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw70s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw80 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw80s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw90 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bw90s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwa0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwa0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwb0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwb0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwc0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwc0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwd0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwd0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwe0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwe0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwf0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwf0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwg0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwg0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwh0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwh0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwi0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwi0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwj0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwj0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwk0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwk0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwl0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwl0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwm0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwm0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwn0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwn0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwo0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwo0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwp0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwp0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwq0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwq0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwr0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwr0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bws0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bws0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwt0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwt0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwu0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwu0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwv0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwv0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bww0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bww0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwx0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwx0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwy0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwy0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwz0 - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\bwz0s - {8bd88a42-2ac1-4a35-bfbf-4f5c7104b05a} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: AutorunsDisabled\offline-8876480 - {8BD88A42-2AC1-4A35-BFBF-4F5C7104B05A} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - c:\progra~1\common~1\micros~1\webcom~1\10\OWC10.DLL
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - c:\progra~1\common~1\micros~1\webcom~1\11\OWC11.DLL
Notify: !SASWinLogon -c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent -Ati2evxx.dll
Notify: igfxcui -igfxdev.dll
Notify: klogon -c:\windows\system32\klogon.dll
Notify: wineak32 -wineak32.dll
Notify: wvUlmkJc -wvUlmkJc.dll
Notify: xnrtza -xnrtza.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\adialhk.dll
SSODL: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll
SEH: {A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} - c:\windows\system32\wvUlmkJc.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\vtUlKBQH

============= SERVICES / DRIVERS ==============

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.sys
S0 ati0daxx;ati0daxx;c:\windows\system32\drivers\ati0daxx.sys
S0 ati1tbxx;ati1tbxx;c:\windows\system32\drivers\ati1tbxx.sys
S0 ati2ftxx;ati2ftxx;c:\windows\system32\drivers\ati2ftxx.sys
S0 ati8nyxx;ati8nyxx;c:\windows\system32\drivers\ati8nyxx.sys
S0 ati8vkxx;ati8vkxx;c:\windows\system32\drivers\ati8vkxx.sys
S3 ATICDSDr;ATICDSDr;c:\docume~1\dave\locals~1\temp\ATICDSDr.sys
S2 bfyfwdehzqv;bfyfwdehzqv;c:\windows\system32\drivers\szkuwvtgnl.sys
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\drivers\Cap7134.sys
S2 eggqpvflmvb;eggqpvflmvb;c:\windows\system32\drivers\rymkspfguji.sys
S2 fanvqnehe;fanvqnehe;c:\windows\system32\drivers\zltrgpinup.sys
S3 FXDRV;FXDRV;c:\program files\superutility\Fxdrv.sys
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys
S1 glaide32;glaide32;c:\windows\system32\drivers\glaide32.sys
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys
S3 lanusb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\drivers\glausb.sys
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys
R3 PPPoEWin;PPPoEWin Miniport;c:\windows\system32\drivers\PPPoEWin.SYS
S2 qhpmzxdhbv;qhpmzxdhbv;c:\windows\system32\drivers\vcpovkjrwb.sys
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys
S3 restore;restore;c:\windows\system32\drivers\restore.sys
S0 spywarestop;spywarestop;c:\windows\system32\drivers\spywarestop.sys
S2 thcglpcsdbh;thcglpcsdbh;c:\windows\system32\drivers\fieprlzhtizwys.sys
S2 vbjzssre;vbjzssre;c:\windows\system32\drivers\ebwer.sys
S2 vyykucmbg;vyykucmbg;c:\windows\system32\drivers\ngbsztbdtm.sys
S2 fci;FCI;c:\windows\system32\svchost.exe:ext.exe
S2 ICF;ICF;c:\windows\system32\svchost.exe:ext.exe
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe
S2 psyche;psyche;c:\windows\system32\psyche.exe

============= FINISH: 19:45:04.23 ===============
Attached Files
File Type: txt gmer.txt (2.3 KB, 2 views)
File Type: txt Attach.txt (44.5 KB, 3 views)
DarkMagician66 is offline  
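As an added triage example (not code from the thread or from the DDS tool), the script below parses service/driver, Winlogon Notify and LSA lines in the format of the DDS log above and flags the patterns a helper checks for: an image hosted in an NTFS alternate data stream or a temp directory, machine-generated-looking names (the vowel-ratio heuristic is this example's own assumption, not a DDS rule), and LSA authentication packages beyond the default msv1_0. The sample lines are constructed from entries in the log.

```python
"""Triage helper for DDS-style log lines (added example, not part of the thread)."""
import re

# Constructed sample, shaped like the DDS log posted in this thread.
SAMPLE_LOG = r"""
Notify: AtiExtEvent -Ati2evxx.dll
Notify: wvUlmkJc -wvUlmkJc.dll
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\vtUlKBQH
S3 ATICDSDr;ATICDSDr;c:\docume~1\dave\locals~1\temp\ATICDSDr.sys
S2 bfyfwdehzqv;bfyfwdehzqv;c:\windows\system32\drivers\szkuwvtgnl.sys
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\drivers\Cap7134.sys
S2 fci;FCI;c:\windows\system32\svchost.exe:ext.exe
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe
"""

# DDS service/driver line: "<start type> <name>;<display name>;<image path>"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+)$")
# Winlogon Notify entry: "Notify: <key name> -<dll>"
NOTIFY_RE = re.compile(r"^Notify:\s+(\S+)\s+-(.+)$")
LSA_RE = re.compile(r"^LSA:\s+Authentication Packages\s*=\s*(.+)$")


def stem(path: str) -> str:
    """File name without directory and extension."""
    name = re.split(r"[\\/]", path)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example): 8+ letters whose vowel ratio is
    far outside what ordinary vendor/component names have."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return ratio < 0.25 or ratio > 0.6


def path_flags(path: str) -> list:
    """Location checks on a service/driver image path."""
    p = path.lower()
    flags = []
    # A second ':' after the drive letter means the image is an NTFS alternate data stream.
    if p.count(":") > 1:
        flags.append("image in NTFS alternate data stream")
    if "\\temp\\" in p:
        flags.append("image in a temp directory")
    return flags


def triage(log_text: str) -> list:
    """Return a list of {'item', 'path', 'reasons'} dicts for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, _desc, path = m.groups()
            reasons = path_flags(path)
            if looks_random(name) or looks_random(stem(path)):
                reasons.append("machine-generated-looking name")
            if reasons:
                findings.append({"item": f"service {name} ({start})", "path": path, "reasons": reasons})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            name, dll = m.groups()
            if looks_random(name) or looks_random(stem(dll)):
                findings.append({"item": f"Winlogon Notify {name}", "path": dll,
                                 "reasons": ["machine-generated-looking Winlogon Notify name"]})
            continue
        m = LSA_RE.match(line)
        if m:
            extra = [pkg for pkg in m.group(1).split() if pkg.lower() != "msv1_0"]
            if extra:
                findings.append({"item": "LSA Authentication Packages", "path": " ".join(extra),
                                 "reasons": ["authentication package(s) beyond the default msv1_0; verify each belongs to installed software"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['item']}: {f['path']}  <- {', '.join(f['reasons'])}")
```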
Old 11-11-2008, 12:14 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

Full gmer.txt attached - not sure if I did it correctly the first time?
Attached Files
File Type: txt gmer.txt (554.7 KB, 4 views)
DarkMagician66 is offline  
Old 11-11-2008, 05:51 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Trying to access malware infected drive

Thanks. : )

Before we begin, I would be remiss if I didn't tell you that if this were my system infected with as many nasties as I see on here, I would reformat and reinstall.

If you wish to continue, this will take more than 1 round, so please stay with me even if symptoms seemingly abate.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-12-2008, 12:11 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

Combofix log attached.

ComboFix 08-11-11.01 - Dave 2008-11-12 19:51:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1499 [GMT 0:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\HQBKlUtv.ini
c:\windows\system32\HQBKlUtv.ini2
c:\windows\system32\twain_32
c:\windows\system32\twain_32\008E58EB.uf
c:\windows\system32\twain_32\008E8058.uf
c:\windows\system32\twain_32\008EA7B6.uf
c:\windows\system32\twain_32\008ECF15.uf
c:\windows\system32\twain_32\008EF6D0.uf
c:\windows\system32\twain_32\008F212C.uf
c:\windows\system32\twain_32\008F48D8.uf
c:\windows\system32\twain_32\008F7037.uf
c:\windows\system32\twain_32\008F9812.uf
c:\windows\system32\twain_32\008FC0A8.uf
c:\windows\system32\twain_32\008FE883.uf
c:\windows\system32\twain_32\00900FE2.uf
c:\windows\system32\twain_32\0090375F.uf
c:\windows\system32\twain_32\00905EDC.uf
c:\windows\system32\twain_32\0090864A.uf
c:\windows\system32\twain_32\0090AD99.uf
c:\windows\system32\twain_32\0090D506.uf
c:\windows\system32\twain_32\0090FC64.uf
c:\windows\system32\twain_32\009123C3.uf
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Psyche
-------\Legacy_Psyche
-------\Legacy_fci
-------\Legacy_icf
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_RESTORE
-------\Service_fci
-------\Service_ICF
-------\Service_MyWebSearchService
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-11 22:49 . 2008-11-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-11 20:56 . 2008-08-14 10:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-11 20:56 . 2008-08-14 09:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-11 20:56 . 2008-08-14 09:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-11 20:56 . 2008-08-14 09:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-11 20:53 . 2008-05-01 14:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-11 20:47 . 2007-07-09 13:09 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2008-11-11 20:10 . 2008-04-11 18:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-11 00:37 . 2004-08-04 05:22 23,024 --a------ c:\windows\system32\ieuinit.inf
2008-11-11 00:37 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2008-11-11 00:37 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2008-11-11 00:15 . 2005-10-20 22:20 1,082,368 --a------ c:\windows\system32\esent.dll
2008-11-11 00:08 . 2008-11-11 00:08 <DIR> d-------- C:\Kontiki
2008-11-10 22:39 . 2004-08-04 07:56 351,232 --a------ c:\windows\system32\winhttp.dll
2008-11-10 22:39 . 2004-08-04 07:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2008-11-10 21:44 . 2008-11-11 20:00 250 --a------ c:\windows\gmer.ini
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-09 17:21 . 2008-11-09 17:21 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 17:20 . 2008-11-09 17:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-04 22:43 . 2008-11-05 00:59 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-15 22:59 . 2008-10-15 22:59 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-10-15 21:34 . 2008-10-15 21:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2008-10-13 21:56 . 2007-12-24 16:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-13 21:55 . 2008-10-14 05:01 <DIR> d-------- c:\documents and settings\Dave\Application Data\HouseCall 6.6
2008-10-13 21:44 . 2008-07-18 22:09 215,752 --a------ c:\windows\system32\wuaucpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 19:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-12 19:55 332,396 -csha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-12 19:55 3,245,344 -csha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-12 19:55 3,184,952 -csha-w c:\windows\system32\drivers\fidbox.idx
2008-11-12 19:55 237,264,416 -csha-w c:\windows\system32\drivers\fidbox.dat
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 21:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-01 19:51 --------- d-----w c:\program files\RegCure
2008-09-30 06:24 --------- d-----w c:\documents and settings\Dave\Application Data\LimeWire
2008-09-30 06:20 --------- d-----w c:\program files\LimeWire
2008-09-30 06:20 --------- d-----w c:\program files\Incomplete
2008-09-28 22:57 16,608 ----a-w c:\windows\gdrv.sys
2008-09-28 21:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 23:46 22,528 --sh--r C:\bootwiz.sys
2008-09-24 20:37 --------- d-----w c:\program files\Gigabyte
2008-09-24 20:36 --------- d-----w c:\program files\DIFX
2008-09-24 20:35 --------- d-----w c:\program files\AMD
2008-09-24 20:29 --------- d-----w c:\program files\ATI Technologies
2008-07-13 10:18 23 ----a-w c:\documents and settings\Cameron\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"CreativeMouse"="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"CreativeMouse"="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"HostManager"="c:\program files\Common Files\AOL\1143679318\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
Memeo AutoBackup Pro Launcher.lnk - c:\documents and settings\Dave\Application Data\Microsoft\Installer\{2FD28F55-E01B-4212-93F7-9F1B51C572A2}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-04-25 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2008-04-01 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= I263_32.drv
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0daxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1tbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ftxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8nyxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vkxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143679318\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143679318\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2004-10-12 515249]
R3 PPPoEWin;PPPoEWin Miniport;c:\windows\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 104375]
R3 RegKill;RegKill;c:\windows\system32\Drivers\RegKill.sys [2002-03-10 6144]
S0 ati0daxx;ati0daxx;c:\windows\system32\Drivers\ati0daxx.sys [ ]
S0 ati1tbxx;ati1tbxx;c:\windows\system32\Drivers\ati1tbxx.sys [ ]
S0 ati2ftxx;ati2ftxx;c:\windows\system32\Drivers\ati2ftxx.sys [ ]
S0 ati8nyxx;ati8nyxx;c:\windows\system32\Drivers\ati8nyxx.sys [ ]
S0 ati8vkxx;ati8vkxx;c:\windows\system32\Drivers\ati8vkxx.sys [ ]
S0 spywarestop;spywarestop;c:\windows\system32\DRIVERS\spywarestop.sys [ ]
S1 glaide32;glaide32;c:\windows\system32\drivers\glaide32.sys [ ]
S2 bfyfwdehzqv;bfyfwdehzqv;c:\windows\system32\drivers\szkuwvtgnl.sys [ ]
S2 eggqpvflmvb;eggqpvflmvb;c:\windows\system32\drivers\rymkspfguji.sys [ ]
S2 fanvqnehe;fanvqnehe;c:\windows\system32\drivers\zltrgpinup.sys [ ]
S2 qhpmzxdhbv;qhpmzxdhbv;c:\windows\system32\drivers\vcpovkjrwb.sys [ ]
S2 thcglpcsdbh;thcglpcsdbh;c:\windows\system32\drivers\fieprlzhtizwys.sys [ ]
S2 vbjzssre;vbjzssre;c:\windows\system32\drivers\ebwer.sys [ ]
S2 vyykucmbg;vyykucmbg;c:\windows\system32\drivers\ngbsztbdtm.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 ATICDSDr;ATICDSDr;c:\docume~1\Dave\LOCALS~1\Temp\ATICDSDr.sys [ ]
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-12-09 358080]
S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [ ]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-11-13 13352]
S3 lanusb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\DRIVERS\glausb.sys [2003-08-15 138402]
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-12-01 28448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d840ac11-8644-11dc-a913-5050506f4531}]
\Shell\AutoRun\command - "Z:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2007-07-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
BHO-{75f5e048-3311-4347-acff-8b26fbd47309} - c:\windows\system32\vtUlKBQH.dll
HKCU-Run-M1000Mnt - M1000Rmv.exe
HKLM-Run-M1000Mnt - M1000Rmv.exe
Notify-wineak32 - wineak32.dll
Notify-wvUlmkJc - wvUlmkJc.dll
Notify-xnrtza - xnrtza.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\b5k47nwq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 19:57:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\snmp.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\WebCam\M1000\M1000Mnt.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:01:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 20:01:18

Pre-Run: 4,564,406,272 bytes free
Post-Run: 5,660,860,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

794 --- E O F --- 2008-11-12 00:39:06
Attached Files
File Type: txt ComboFix.txt (41.6 KB, 1 views)

Last edited by Ried; 11-12-2008 at 08:38 PM.
DarkMagician66 is offline  
Old 11-12-2008, 09:23 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Trying to access malware infected drive

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs)

SpywareStop <--rogue program


--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
Driver::
glaide32
bfyfwdehzqv
eggqpvflmvb
fanvqnehe
qhpmzxdhbv
thcglpcsdbh
vbjzssre
vyykucmbg

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
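The drivers Ried scripts above are the ones ComboFix listed with no image file on disk ("[ ]"), a display name identical to the service name, and, for the S2 entries, an image file whose name differs from the service name. The script below is an added example, not part of this thread and not ComboFix's or Ried's own tooling: it runs that triage over constructed sample lines in the same shape as the posted log, renders the matching Driver:: block, and separately flags the Security Center and firewall values the log shows set to disabled. The line format it parses and the flagging rule are my assumptions; anything it flags still has to be confirmed by hand, as Ried did, before it goes into a CFScript.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of ComboFix's "Drivers/Services" lines, modelled
# on the log posted above. Assumed format:
#   "<R|S><start type> <service name>;<display name>;<image path> [<date size>]"
# where ComboFix prints "[ ]" when the image file was not found on disk.
SAMPLE_DRIVERS = r"""
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
S0 ati0daxx;ati0daxx;c:\windows\system32\Drivers\ati0daxx.sys [ ]
S0 spywarestop;spywarestop;c:\windows\system32\DRIVERS\spywarestop.sys [ ]
S1 glaide32;glaide32;c:\windows\system32\drivers\glaide32.sys [ ]
S2 bfyfwdehzqv;bfyfwdehzqv;c:\windows\system32\drivers\szkuwvtgnl.sys [ ]
S2 vbjzssre;vbjzssre;c:\windows\system32\drivers\ebwer.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [ ]
"""

# Constructed sample of the "Reg Loading Points" values relevant to tampering.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

DRIVER_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")

@dataclass
class Driver:
    state: str      # R = running, S = stopped at scan time
    start: int      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    present: bool   # False when ComboFix printed "[ ]"
    reasons: list = field(default_factory=list)

def parse_drivers(text):
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            state, start, name, display, path, meta = m.groups()
            out.append(Driver(state, int(start), name, display, path, meta.strip() != ""))
    return out

def triage(d):
    """Heuristic of my own, not ComboFix's: record the suspicious traits and flag the
    entry only when its image is missing, it has no descriptive display name, and it
    either starts early (system/auto) or its image name differs from the service name."""
    base = d.path.rsplit("\\", 1)[-1].lower()
    base = base[:-4] if base.endswith(".sys") else base
    no_desc = d.display.lower() == d.name.lower()
    mismatch = base != d.name.lower()
    early = d.start in (1, 2)
    if not d.present:
        d.reasons.append("image file not found on disk")
    if no_desc:
        d.reasons.append("display name identical to service name")
    if mismatch:
        d.reasons.append(f"image name '{base}' does not match service name")
    if early:
        d.reasons.append("system/auto start")
    return (not d.present) and no_desc and (early or mismatch)

def flagged_drivers(text):
    return [d for d in parse_drivers(text) if triage(d)]

def cfscript(names):
    """Render a ComboFix 'Driver::' block like the one posted above."""
    return "Driver::\n" + "\n".join(names) + "\n"

TAMPER_KEYS = {
    '"AntiVirusDisableNotify"': "Security Center AV notifications silenced",
    '"DisableMonitoring"': "Security Center monitoring of the AV product disabled",
    '"EnableFirewall"': "Windows Firewall standard profile disabled",
}

def tamper_findings(reg_text):
    """Flag Security Center / firewall values in the disabled state the log shows."""
    findings = []
    for line in reg_text.splitlines():
        line = line.strip()
        for key, meaning in TAMPER_KEYS.items():
            if line.startswith(key + "="):
                value = line.split("=", 1)[1].strip()
                if key == '"EnableFirewall"':
                    disabled = value.startswith("0")       # "0 (0x0)" in the log
                else:
                    disabled = value.startswith("dword:00000001")
                if disabled:
                    findings.append(meaning)
    return findings

if __name__ == "__main__":
    hits = flagged_drivers(SAMPLE_DRIVERS)
    for d in hits:
        print(f"{d.state}{d.start} {d.name}: " + "; ".join(d.reasons))
    print(cfscript([d.name for d in hits]))
    for finding in tamper_findings(SAMPLE_REG):
        print("tamper:", finding)
```

On the sample the rule flags glaide32 and the two random-named S2 drivers and leaves the S0 and S3 entries alone, which matches the split Ried made (spywarestop is handled through Add/Remove Programs instead). The reasons list is kept per entry so the reviewer can see why a line was or was not flagged rather than trusting a bare yes/no.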
Old 11-14-2008, 02:05 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

Hi again. Results pasted below; the system is performing well, and now that there is far less internet connection activity, my AM2 is running 10 Celsius cooler. SP3 just added by MS Automatic Updates.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 14, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 13, 2008 18:50:55
Records in database: 1383528
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\

Scan statistics:
Files scanned: 201298
Threat name: 17
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 02:04:11


File name / Threat name / Threats count
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\.tt19.tmp.bac_a02728 Infected: Backdoor.Win32.Frauder.le 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\.tt19.tmp.exe.bac_a02728 Infected: Backdoor.Win32.Frauder.le 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\.tt9.tmp.vbs.bac_a02728 Infected: Backdoor.Win32.Frauder.eo 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\asuper1[1].htm.bac_a02728 Infected: Trojan-Dropper.Win32.Pich.z 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\BN2.tmp.bac_a02728 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\BN4.tmp.bac_a02728 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\BN5.tmp.bac_a02728 Infected: Trojan.Win32.Agent.admk 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\faceback.exe.bac_a02728 Infected: Trojan-Downloader.Win32.Agent.ajzv 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\isbcmzjj[1].htm.bac_a02728 Infected: Trojan.Win32.Agent.alsh 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\loader.exe.bac_a02728 Infected: Trojan.Win32.Agent.ahni 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\qajghhvijw[1].htm.bac_a02728 Infected: Trojan.Win32.Agent.alsh 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\qajghhvijw[2].htm.bac_a02728 Infected: Trojan.Win32.Agent.alsh 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\regcure%20licence%20code[1].exe.bac_a02728 Infected: Trojan.Win32.Monder.qir 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\regcure%20licence%20code[1].exe.bac_a02728 Infected: Trojan-Downloader.Win32.Agent.ahyl 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\regcure%20licence%20code[1].exe.bac_a02728 Infected: Trojan-Downloader.Win32.Agent.ahus 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\regcure%20licence%20code[1].exe.bac_a02728 Infected: Trojan-Dropper.Win32.Agent.xgt 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\restore.sys.bac_a02728 Infected: Rootkit.Win32.Agent.der 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\rs32net.exe.bac_a02728 Infected: Trojan.Win32.Agent.ahni 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\skp6[1].exe.bac_a02728 Infected: Trojan-Proxy.Win32.Agent.bbf 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\vocmzaan[1].txt.bac_a02728 Infected: Trojan-Downloader.Win32.Small.aetj 1
C:\Documents and Settings\Dave\Application Data\HouseCall 6.6\Backup\xnrtza.dll.bac_a02728 Infected: Backdoor.Win32.Hijack.ac 1
D:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.eb 1
D:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ed 1

The selected area was scanned.

ComboFix 08-11-12.01 - Dave 2008-11-13 21:55:17.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1508 [GMT 0:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BFYFWDEHZQV
-------\Legacy_EGGQPVFLMVB
-------\Legacy_FANVQNEHE
-------\Legacy_QHPMZXDHBV
-------\Legacy_THCGLPCSDBH
-------\Legacy_VBJZSSRE
-------\Legacy_VYYKUCMBG
-------\Service_bfyfwdehzqv
-------\Service_eggqpvflmvb
-------\Service_fanvqnehe
-------\Service_glaide32
-------\Service_qhpmzxdhbv
-------\Service_thcglpcsdbh
-------\Service_vbjzssre
-------\Service_vyykucmbg


((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-11 22:49 . 2008-11-11 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-11 20:56 . 2008-08-14 10:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-11 20:56 . 2008-08-14 09:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-11 20:56 . 2008-08-14 09:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-11 20:56 . 2008-08-14 09:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-11 20:53 . 2008-05-01 14:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-11 20:47 . 2007-07-09 13:09 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2008-11-11 20:10 . 2008-04-11 18:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-11 00:37 . 2004-08-04 05:22 23,024 --a------ c:\windows\system32\ieuinit.inf
2008-11-11 00:37 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2008-11-11 00:37 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2008-11-11 00:15 . 2005-10-20 22:20 1,082,368 --a------ c:\windows\system32\esent.dll
2008-11-11 00:08 . 2008-11-11 00:08 <DIR> d-------- C:\Kontiki
2008-11-10 22:39 . 2004-08-04 07:56 351,232 --a------ c:\windows\system32\winhttp.dll
2008-11-10 22:39 . 2004-08-04 07:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2008-11-10 21:44 . 2008-11-11 20:00 250 --a------ c:\windows\gmer.ini
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com
2008-11-09 23:35 . 2008-11-09 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-09 17:21 . 2008-11-09 17:21 <DIR> d-------- c:\program files\Trend Micro
2008-11-09 17:20 . 2008-11-09 17:20 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-04 22:43 . 2008-11-05 00:59 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-15 22:59 . 2008-10-15 22:59 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-10-15 21:34 . 2008-10-15 21:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2008-10-13 21:56 . 2007-12-24 16:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-10-13 21:55 . 2008-10-14 05:01 <DIR> d-------- c:\documents and settings\Dave\Application Data\HouseCall 6.6
2008-10-13 21:44 . 2008-07-18 22:09 215,752 --a------ c:\windows\system32\wuaucpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-13 21:57 332,396 -csha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-13 21:57 3,245,344 -csha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-13 21:57 3,184,952 -csha-w c:\windows\system32\drivers\fidbox.idx
2008-11-13 21:57 237,264,416 -csha-w c:\windows\system32\drivers\fidbox.dat
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 21:34 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-01 19:51 --------- d-----w c:\program files\RegCure
2008-09-30 06:24 --------- d-----w c:\documents and settings\Dave\Application Data\LimeWire
2008-09-30 06:20 --------- d-----w c:\program files\LimeWire
2008-09-30 06:20 --------- d-----w c:\program files\Incomplete
2008-09-28 22:57 16,608 ----a-w c:\windows\gdrv.sys
2008-09-28 21:49 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 23:46 22,528 --sh--r C:\bootwiz.sys
2008-09-24 20:37 --------- d-----w c:\program files\Gigabyte
2008-09-24 20:36 --------- d-----w c:\program files\DIFX
2008-09-24 20:35 --------- d-----w c:\program files\AMD
2008-09-24 20:29 --------- d-----w c:\program files\ATI Technologies
2008-07-13 10:18 23 ----a-w c:\documents and settings\Cameron\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-12_20.00.46.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-13 21:59:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_324.dat
+ 2008-11-13 21:59:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 517632]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"CreativeMouse"="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 206184]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kis"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 139367]
"CreativeMouse"="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"HostManager"="c:\program files\Common Files\AOL\1143679318\ee\AOLSoftware.exe" [2006-11-17 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 1164912]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 1941784]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Dave\Start Menu\Programs\Startup\
Memeo AutoBackup Pro Launcher.lnk - c:\documents and settings\Dave\Application Data\Microsoft\Installer\{2FD28F55-E01B-4212-93F7-9F1B51C572A2}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-04-25 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2008-04-01 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoControlPanel"= 0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 0
"NoWindowsUpdate"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= I263_32.drv
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0daxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati1tbxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ftxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8nyxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8vkxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143679318\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143679318\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2004-12-10 25105]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2004-10-12 515249]
R3 PPPoEWin;PPPoEWin Miniport;c:\windows\system32\DRIVERS\PPPoEWin.SYS [2003-09-25 104375]
R3 RegKill;RegKill;c:\windows\system32\Drivers\RegKill.sys [2002-03-10 6144]
S0 ati0daxx;ati0daxx;c:\windows\system32\Drivers\ati0daxx.sys [ ]
S0 ati1tbxx;ati1tbxx;c:\windows\system32\Drivers\ati1tbxx.sys [ ]
S0 ati2ftxx;ati2ftxx;c:\windows\system32\Drivers\ati2ftxx.sys [ ]
S0 ati8nyxx;ati8nyxx;c:\windows\system32\Drivers\ati8nyxx.sys [ ]
S0 ati8vkxx;ati8vkxx;c:\windows\system32\Drivers\ati8vkxx.sys [ ]
S0 spywarestop;spywarestop;c:\windows\system32\DRIVERS\spywarestop.sys [ ]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 ATICDSDr;ATICDSDr;c:\docume~1\Dave\LOCALS~1\Temp\ATICDSDr.sys [ ]
S3 Cap7134;Philips Cap7134 Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-12-09 358080]
S3 FXDRV;FXDRV;c:\program files\SuperUtility\Fxdrv.sys [ ]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-11-13 13352]
S3 lanusb;GlobeSpan USB ADSL LAN Modem;c:\windows\system32\DRIVERS\glausb.sys [2003-08-15 138402]
S3 PhTVTune;Philips WDM TVTuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-12-01 28448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d840ac11-8644-11dc-a913-5050506f4531}]
\Shell\AutoRun\command - "Z:\Install FreeAgent Tools.exe" /run
.
Contents of the 'Scheduled Tasks' folder

2007-07-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 22:00:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\snmp.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-13 22:03:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 22:03:15
ComboFix2.txt 2008-11-12 20:46:38
ComboFix3.txt 2008-11-12 20:01:23

Pre-Run: 5,762,953,216 bytes free
Post-Run: 5,736,296,448 bytes free

229 --- E O F --- 2008-11-12 00:39:06
DarkMagician66 is offline  
Old 11-14-2008, 05:56 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Trying to access malware infected drive

Glad to hear that. : )

Did you uninstall Spywarestop? If not, please do so. If you did, then we need to take care of the service it left behind.


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.

Quote:
@echo off
sc stop spywarestop
sc delete spywarestop
exit
Save this as fixservices.bat. Choose "Save type as - All Files".
It should look like this:

Double click FixServices.bat. A window will open and close. This is normal.

------------------------------------------------------------------

Delete these folders:

C:\Documents and Settings\Dave\Application Data\HouseCall 6.6
D:\Program Files\MyWebSearch

------------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
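An added example, not the helper's script, of the same service clean-up with the checks a practitioner would want around it: it confirms the service entry still exists before touching it, shows what it points at, stops and deletes it, then re-queries to verify the removal and checks whether the driver file the ComboFix log listed (c:\windows\system32\DRIVERS\spywarestop.sys, shown with "[ ]", i.e. already missing) is present. It assumes it is run from an administrator command prompt on the cleaned system.

```batch
@echo off
rem Added example (not the helper's fixservices.bat): remove the orphaned
rem "spywarestop" service left behind after the product was uninstalled.
rem Assumes an administrator command prompt on the cleaned XP system.
setlocal
set SVC=spywarestop
rem Driver path taken from the ComboFix "S0 spywarestop" line in the log.
set DRV=%SystemRoot%\system32\DRIVERS\spywarestop.sys

rem 1. Does the Service Control Manager still know about the service?
rem    sc query returns a non-zero exit code when the service does not exist.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (
    echo Service "%SVC%" is not registered - nothing to do.
    goto :check_file
)

rem 2. Show the registration (start type, binary path) before removing it.
sc qc "%SVC%"

rem 3. Stop it if it is running. A boot-start driver whose file is gone is
rem    never loaded, so a "not started" error here is expected and harmless.
sc stop "%SVC%" >nul 2>&1

rem 4. Delete the registration from the SCM / registry.
sc delete "%SVC%"

rem 5. Verify: a second query must now fail.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (
    echo Service "%SVC%" removed.
) else (
    echo WARNING: service "%SVC%" still present - it may be marked for
    echo deletion until the next reboot. Reboot and run this script again.
)

:check_file
rem 6. The log showed the driver file as missing ("[ ]"); confirm that, and
rem    report it if a copy has reappeared so it can be looked at separately.
if exist "%DRV%" (
    echo NOTE: %DRV% exists on disk - the orphan was not file-less after all.
) else (
    echo Driver file %DRV% is absent, as the ComboFix log indicated.
)
endlocal
```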
Old 11-14-2008, 10:36 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2008
Location: London, England, UK
Posts: 9
OS: XP Home

My System

Re: Trying to access malware infected drive

Thank you - all processes completed and disinfection tools cleared down.
Recommended Freeware installed as per your last message.

System is purring away nicely now and issues resolved.

I'd just like to say this is the best Tech Support I have ever received and will recommend TSF to my friends should they ever require assistance.

Once again many many thanks.
DarkMagician66 is offline  
Old 11-14-2008, 08:09 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,971
OS: WinXP and Vista


Re: Trying to access malware infected drive

You're welcome, DarkMagician66. Thank you for the kind words.

Take care and surf safely.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  