Hi crunchie

here's the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:23, on 04/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Norton Ghost 14\Agent\VProTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\WINDOWS\tppnttry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe
C:\Program Files\GrabIt171\GrabIt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Temp\NERO1002626\ipclog.exe
C:\temp\nro.tmp\SetupX.exe
C:\WINDOWS\system32\msiexec.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\WINDOWS\system32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bi...e=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {06327DAD-90B6-4A7D-AD5C-6651DC0D7E0E} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {1A694F6B-FCFF-41F1-B4B6-73287FCF7D5B} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {1F9492AD-88B1-44A5-8327-44CA94CB64F5} - C:\WINDOWS\system32\ddcDvvVn.dll (file missing)
O2 - BHO: (no name) - {3C9C135A-85A4-4120-BEF0-F5F1261C4840} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {3E4833AD-7C33-4E62-9D54-582EDD32EC94} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {75C64237-FF3D-49D5-B775-D8AB44A2F43C} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7770D561-A96E-4AD1-B9C9-26AF51E60DD5} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {9E128473-577E-4055-8DD9-AA646F2756DB} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {AF752ED8-57D6-4748-B3FB-0C04A2E9CC94} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {BC3651EB-157E-4C8C-937F-E0BDB1A1D27B} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {C2C84B99-0DB6-44D2-815D-EAACF90BC60F} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {C5B12942-FB14-4889-A63E-343B85E36A09} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {E9D935B6-36C5-44D9-86BF-96B129940376} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {F42CAAB6-C88F-4CE1-9DDC-D62FCF50D4A8} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {FA13A483-CEC8-4D05-9385-153A9B566615} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {FB4475DD-E3ED-4ACB-B2DA-5548C8D55C52} - C:\WINDOWS\system32\atmli.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost 14\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "c:\Program Files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NBHGui] c:\Program Files\Nero\Nero 9\InCD\NBHGui.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: kyziwd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - c:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe

--
End of file - 14838 bytes

Jon

Still got nasties on there.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Hi crunchie

Here's the combofix log:

ComboFix 08-11-04.02 - Jon 2008-11-05 19:03:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.441 [GMT 0:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\iolo\common\lib\ioloHL.dll

ADS - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Application Data\winexpl2.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\dxgpahqp.ini
c:\windows\system32\hsueawlo.ini
c:\windows\system32\iikefqeq.ini
c:\windows\system32\Updater.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 22:21 . 2008-11-05 22:21 <DIR> d-------- c:\temp\WPDNSE
2008-11-05 22:21 . 2008-11-05 22:21 53,248 --a------ c:\temp\catchme.dll
2008-11-05 22:21 . 2008-11-05 22:21 16,384 --a----t- c:\temp\Perflib_Perfdata_9e8.dat
2008-11-05 19:14 . 2008-11-05 19:14 16,384 --a----t- c:\temp\Perflib_Perfdata_954.dat
2008-11-05 19:13 . 2008-11-05 19:13 16,384 --a----t- c:\temp\Perflib_Perfdata_708.dat
2008-11-05 00:11 . 2006-12-29 00:31 19,569 --a------ c:\windows\003098_.tmp
2008-11-05 00:06 . 2008-08-14 10:00 2,180,352 --a------ c:\windows\system32\ntoskrnl.exe
2008-11-04 23:59 . 2008-11-05 00:01 <DIR> d-------- C:\8f19dfe93aeb9ab1eb093884eb1f09d8
2008-11-04 23:26 . 2008-11-04 23:27 <DIR> d-------- c:\documents and settings\Jon\Application Data\Nero
2008-11-04 00:23 . 2008-11-04 00:57 <DIR> d-------- c:\program files\Nero
2008-11-04 00:20 . 2008-11-04 01:21 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-04 00:15 . 2008-11-04 00:15 <DIR> d-------- c:\temp\nro.log
2008-11-03 00:03 . 2008-11-05 22:21 <DIR> d-------- c:\temp\NERO1002626
2008-11-01 00:42 . 2008-11-01 00:42 <DIR> d-------- c:\program files\VistaCodecPack
2008-11-01 00:38 . 2008-11-01 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\VistaCodecs
2008-10-29 23:31 . 2008-10-30 00:19 <DIR> d-------- c:\temp\msohtmlclip1
2008-10-29 23:31 . 2008-10-29 23:31 <DIR> d-------- c:\temp\msohtmlclip
2008-10-29 23:12 . 2008-11-05 22:21 <DIR> d-------- c:\temp\VBE
2008-10-29 22:41 . 2008-11-04 23:04 <DIR> d-------- C:\hijackthis
2008-10-28 22:55 . 2008-10-28 22:55 <DIR> d-------- c:\windows\Drivers
2008-10-28 22:55 . 2002-04-01 07:39 43,648 --a------ c:\windows\system32\drivers\ousb2hub.sys
2008-10-28 22:55 . 2001-10-05 11:54 43,269 --a------ c:\windows\system32\drivers\tpp725.sys
2008-10-28 22:55 . 2002-04-01 07:39 29,696 --a------ c:\windows\system32\drivers\ousbehci.sys
2008-10-28 22:55 . 2001-10-05 11:53 21,866 --a------ c:\program files\Common Files\tppupd2k.dll
2008-10-28 22:55 . 2008-10-28 22:55 0 --a------ C:\UFantasy.ini
2008-10-27 22:42 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-10-27 22:42 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-10-26 23:22 . 2008-10-26 23:22 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-10-20 23:47 . 2008-11-03 19:09 4,767 --a------ c:\windows\Irremote.ini
2008-10-20 23:44 . 2008-11-04 00:54 <DIR> d-------- c:\program files\Windows Sidebar
2008-10-20 22:32 . 2008-10-20 22:32 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-10-17 21:47 . 2008-06-24 12:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-10-17 21:47 . 2008-06-23 16:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-17 21:19 . 2008-10-17 21:19 1,697,280 --a------ c:\documents and settings\Jon\Application Data\winexpl.exe
2008-10-15 22:07 . 2008-10-15 22:07 <DIR> d-------- c:\temp\Adobe
2008-10-14 21:40 . 2008-10-14 21:40 2,720 --a------ c:\windows\system32\settings.aaw
2008-10-14 21:40 . 2008-10-14 21:40 1,376 --a------ c:\windows\system32\history.aaw
2008-10-13 22:24 . 2008-10-13 22:24 <DIR> d-------- c:\program files\Lavasoft
2008-10-13 22:24 . 2008-10-13 22:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-13 22:24 . 2008-10-14 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-02 22:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-29 00:43 --------- d-----w c:\program files\TMPGEnc DVD Author 3
2008-10-29 00:43 --------- d-----w c:\program files\TMPGEnc 4.0 XPress
2008-10-29 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-10-29 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2008-10-28 23:51 --------- d-----w c:\program files\DriverGenius
2008-10-28 22:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 20:35 --------- d-----w c:\documents and settings\Jon\Application Data\U3
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 00:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 06:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-12 23:09 --------- d-----w c:\program files\Wizardry 8
2008-10-08 23:06 --------- d-----w c:\program files\IsoBuster
2008-10-08 22:33 8,248 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-10-06 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-03 22:53 116,992 ----a-w c:\windows\system32\atmli.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-28 23:29 --------- d-----w c:\program files\GrabIt171
2008-09-27 00:10 --------- d-----w c:\program files\Microsoft ActiveSync
2008-09-24 10:32 28,672 ----a-w c:\windows\system32\iolobtdfg.exe
2008-09-17 23:48 --------- d-----w c:\program files\Windows Desktop Search
2008-09-17 23:45 --------- d-----w c:\documents and settings\Jon\Application Data\Comodo
2008-09-15 21:17 --------- d-----w c:\program files\Microsoft WSE
2008-09-15 21:16 --------- d-----w c:\program files\Family Tree Maker 2008
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-11 21:50 --------- d-----w c:\program files\HTML Help Workshop
2008-09-09 16:45 8,192 ----a-w c:\windows\system32\smrgdf.exe
2008-09-01 23:09 59,488 ----a-w c:\windows\system32\GenSvcInst.exe
2008-09-01 23:09 145,504 ----a-w c:\windows\system32\bgsvcgen.exe
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-26 14:23 118,784 ----a-w c:\windows\system32\iavlsp.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2008-08-09 08:30 1,007,616 ----a-w c:\windows\system32\VSFilter.dll
2008-08-08 21:40 1,882,904 ----a-w c:\windows\system32\AutoPartNt.exe
2008-06-16 21:35 92,064 ----a-w c:\documents and settings\Jon\mqdmmdm.sys
2008-06-16 21:35 9,232 ----a-w c:\documents and settings\Jon\mqdmmdfl.sys
2008-06-16 21:35 79,328 ----a-w c:\documents and settings\Jon\mqdmserd.sys
2008-06-16 21:35 66,656 ----a-w c:\documents and settings\Jon\mqdmbus.sys
2008-06-16 21:35 6,208 ----a-w c:\documents and settings\Jon\mqdmcmnt.sys
2008-06-16 21:35 5,936 ----a-w c:\documents and settings\Jon\mqdmwhnt.sys
2008-06-16 21:35 4,048 ----a-w c:\documents and settings\Jon\mqdmcr.sys
2008-06-16 21:35 25,600 ----a-w c:\documents and settings\Jon\usbsermptxp.sys
2008-06-16 21:35 22,768 ----a-w c:\documents and settings\Jon\usbsermpt.sys
2006-03-16 22:26 91 ----a-w c:\program files\Crash.log
2006-02-03 18:27 1,260,032 ----a-w c:\program files\VsoStart.exe
2005-11-07 14:55 2,082,304 ----a-w c:\program files\PcSetup.exe
2005-05-22 17:46 5,608,448 ----a-w c:\program files\VsoStartSkin.dll
2005-05-13 17:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r c:\windows\x2.64.exe
2008-07-16 22:22 168 --sh--r c:\windows\system32\0D567F53A4.sys
2007-05-29 21:55 88 --sh--r c:\windows\system32\10C4D9967A.sys
2005-06-26 15:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-04-27 10:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 13:16 240,128 --sha-r c:\windows\system32\x.264.exe
2007-01-14 22:53 2,815,264 --sha-w c:\windows\system32\drivers\fidbox.dat
2007-01-14 22:53 97,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06327DAD-90B6-4A7D-AD5C-6651DC0D7E0E}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A694F6B-FCFF-41F1-B4B6-73287FCF7D5B}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C9C135A-85A4-4120-BEF0-F5F1261C4840}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E4833AD-7C33-4E62-9D54-582EDD32EC94}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75C64237-FF3D-49D5-B775-D8AB44A2F43C}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7770D561-A96E-4AD1-B9C9-26AF51E60DD5}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E128473-577E-4055-8DD9-AA646F2756DB}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF752ED8-57D6-4748-B3FB-0C04A2E9CC94}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC3651EB-157E-4C8C-937F-E0BDB1A1D27B}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2C84B99-0DB6-44D2-815D-EAACF90BC60F}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5B12942-FB14-4889-A63E-343B85E36A09}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9D935B6-36C5-44D9-86BF-96B129940376}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F42CAAB6-C88F-4CE1-9DDC-D62FCF50D4A8}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA13A483-CEC8-4D05-9385-153A9B566615}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB4475DD-E3ED-4ACB-B2DA-5548C8D55C52}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"Norton Ghost 14.0"="c:\program files\Norton Ghost 14\Agent\VProTray.exe" [2008-05-07 2245984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 180269]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2002-06-24 118784]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2008-08-26 1103712]
"iolo Personal Firewall"="c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2008-06-18 1313632]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\Logi_MwX.Exe]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Personal Firewall]
--a------ 2008-06-18 15:15 1313632 c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-05-15 16:29 54576 c:\program files\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-05-11 13:48 127118 c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-25 19:15 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 14:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

R0 bfenmtaa;bfenmtaa;c:\windows\system32\drivers\bfenmtaa.sys [2004-08-04 23424]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-09-21 9216]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2007-05-18 39424]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2005-08-25 11279]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-10-30 2368]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-08-04 5120]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe [2008-05-07 1558000]
R3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\DRIVERS\TPPFX.SYS [2002-06-24 32256]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [ ]
S2 P32LOAD;Intel(R) AnyPoint(R) 3240 USB Modem Firmware Loader;c:\windows\system32\DRIVERS\p31usbld.sys [2002-04-23 18906]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2005-08-25 11279]
S3 BIOSCHK;BIOSCHK;c:\temp\TIIF6.tmp\disk1\BIOSCHK.SYS [ ]
S3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\Drivers\CyUsbNT.sys [2005-02-16 28800]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-09-05 217600]
S3 TPP300;USB Storage Adapter V3 (TPP);c:\windows\system32\DRIVERS\TPP300.SYS [ ]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2006-12-02 48128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\A92534099192A881.job
- c:\docume~1\jon\applic~1\cashbu~1\mix anti cake.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{1F9492AD-88B1-44A5-8327-44CA94CB64F5} - c:\windows\system32\ddcDvvVn.dll
ShellIconOverlayIdentifiers-{8D2223A2-B3C6-4e32-B096-CDD11F628C60} - (no file)
HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
HKLM-Run-NBKeyScan - c:\program files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-NBHGui - c:\program files\Nero\Nero 9\InCD\NBHGui.exe
Notify-dimsntfy - (no file)
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-ACU - c:\program files\Atheros\ACU.exe
MSConfigStartUp-BM05af47d7 - c:\windows\system32\qguttcql.dll
MSConfigStartUp-InstallProgram - c:\documents and settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\U1FNPXU5\setup_100543_3_[1].exe
MSConfigStartUp-ioloDelayModule - c:\program files\System Mechanic Professional 6\delay.exe
MSConfigStartUp-LaunchList - c:\program files\Pinnacle Studio 10\LaunchList.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-SystemGuardAlerter - c:\program files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
MSConfigStartUp-Tunebite - c:\program files\Tunebite Platinum\Tunebite.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Append to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
O18 -: Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 22:21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\explorer.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\system32\csrss.exe
-> c:\program files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\windows\system32\imapi.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Norton Ghost 14\Agent\VProSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\802.11 Wireless LAN\SiSWLSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msdtc.exe
c:\windows\TPPNTTRY.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-05 22:24:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-05 22:24:42

Pre-Run: 6,994,042,880 bytes free
Post-Run: 8,775,188,480 bytes free

371 --- E O F --- 2008-11-05 01:13:32


and the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:42, on 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Norton Ghost 14\Agent\VProTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\WINDOWS\tppnttry.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {06327DAD-90B6-4A7D-AD5C-6651DC0D7E0E} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {1A694F6B-FCFF-41F1-B4B6-73287FCF7D5B} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {3C9C135A-85A4-4120-BEF0-F5F1261C4840} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {3E4833AD-7C33-4E62-9D54-582EDD32EC94} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {75C64237-FF3D-49D5-B775-D8AB44A2F43C} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7770D561-A96E-4AD1-B9C9-26AF51E60DD5} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {9E128473-577E-4055-8DD9-AA646F2756DB} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {AF752ED8-57D6-4748-B3FB-0C04A2E9CC94} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {BC3651EB-157E-4C8C-937F-E0BDB1A1D27B} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {C2C84B99-0DB6-44D2-815D-EAACF90BC60F} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {C5B12942-FB14-4889-A63E-343B85E36A09} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {E9D935B6-36C5-44D9-86BF-96B129940376} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {F42CAAB6-C88F-4CE1-9DDC-D62FCF50D4A8} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {FA13A483-CEC8-4D05-9385-153A9B566615} - C:\WINDOWS\system32\atmli.dll
O2 - BHO: (no name) - {FB4475DD-E3ED-4ACB-B2DA-5548C8D55C52} - C:\WINDOWS\system32\atmli.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost 14\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - c:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe

--
End of file - 13780 bytes


thanks
Jon

A. Please RUN HijackThis

1. Click the SCAN button to produce a log.
   
2. Place a check mark beside each one of the following items:
   
   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
   R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
   
   O2 - BHO: (no name) - {06327DAD-90B6-4A7D-AD5C-6651DC0D7E0E} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {1A694F6B-FCFF-41F1-B4B6-73287FCF7D5B} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {3C9C135A-85A4-4120-BEF0-F5F1261C4840} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {3E4833AD-7C33-4E62-9D54-582EDD32EC94} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {75C64237-FF3D-49D5-B775-D8AB44A2F43C} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {7770D561-A96E-4AD1-B9C9-26AF51E60DD5} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {9E128473-577E-4055-8DD9-AA646F2756DB} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {AF752ED8-57D6-4748-B3FB-0C04A2E9CC94} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {BC3651EB-157E-4C8C-937F-E0BDB1A1D27B} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {C2C84B99-0DB6-44D2-815D-EAACF90BC60F} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {C5B12942-FB14-4889-A63E-343B85E36A09} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {E9D935B6-36C5-44D9-86BF-96B129940376} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {F42CAAB6-C88F-4CE1-9DDC-D62FCF50D4A8} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {FA13A483-CEC8-4D05-9385-153A9B566615} - C:\WINDOWS\system32\atmli.dll
   O2 - BHO: (no name) - {FB4475DD-E3ED-4ACB-B2DA-5548C8D55C52} - C:\WINDOWS\system32\atmli.dll
   
   
3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

B. 1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Hi crunchie

Don't know I've managed to get rid of all instances of that file - saw a message flash up during the combofix process that access was denied

Here's the resultant combofix log

ComboFix 08-11-07.01 - Jon 2008-11-07 22:44:04.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.455 [GMT 0:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\atmli.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\atmli.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-07 22:51 . 2008-11-07 22:51 53,248 --a------ c:\temp\catchme.dll
2008-11-07 22:51 . 2008-11-07 22:51 16,384 --a----t- c:\temp\Perflib_Perfdata_9d8.dat
2008-11-07 22:50 . 2008-11-07 22:50 <DIR> d-------- c:\temp\WPDNSE
2008-11-07 22:50 . 2008-11-07 22:50 16,384 --a----t- c:\temp\Perflib_Perfdata_278.dat
2008-11-06 00:11 . 2008-11-06 00:11 461,360 --a------ c:\windows\system32\system23.exe
2008-11-06 00:11 . 2008-11-06 00:11 307,812 --a------ c:\windows\system32\system13.exe
2008-11-06 00:11 . 2008-11-06 00:11 176,128 --a------ C:\nss3.dll
2008-11-06 00:11 . 2008-11-06 00:11 159,232 --a------ C:\softokn3.dll
2008-11-06 00:11 . 2008-11-06 00:11 73,728 --a------ C:\nspr4.dll
2008-11-06 00:11 . 2008-11-06 00:11 8,704 --a------ C:\plc4.dll
2008-11-06 00:11 . 2008-11-06 00:11 6,144 --a------ C:\plds4.dll
2008-11-05 23:54 . 2008-11-05 23:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-05 23:36 . 2008-11-07 22:30 <DIR> d-------- c:\temp\DriverAgent
2008-11-05 00:11 . 2006-12-29 00:31 19,569 --a------ c:\windows\003098_.tmp
2008-11-05 00:06 . 2008-08-14 10:00 2,180,352 --a------ c:\windows\system32\ntoskrnl.exe
2008-11-04 23:26 . 2008-11-04 23:27 <DIR> d-------- c:\documents and settings\Jon\Application Data\Nero
2008-11-04 00:23 . 2008-11-04 00:57 <DIR> d-------- c:\program files\Nero
2008-11-04 00:20 . 2008-11-04 01:21 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-04 00:15 . 2008-11-04 00:15 <DIR> d-------- c:\temp\nro.log
2008-11-03 00:03 . 2008-11-05 22:21 <DIR> d-------- c:\temp\NERO1002626
2008-11-01 00:42 . 2008-11-01 00:42 <DIR> d-------- c:\program files\VistaCodecPack
2008-11-01 00:38 . 2008-11-01 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\VistaCodecs
2008-10-29 23:31 . 2008-10-30 00:19 <DIR> d-------- c:\temp\msohtmlclip1
2008-10-29 23:31 . 2008-10-29 23:31 <DIR> d-------- c:\temp\msohtmlclip
2008-10-29 23:12 . 2008-11-05 22:21 <DIR> d-------- c:\temp\VBE
2008-10-29 22:41 . 2008-11-07 22:38 <DIR> d-------- C:\hijackthis
2008-10-28 22:55 . 2008-10-28 22:55 <DIR> d-------- c:\windows\Drivers
2008-10-28 22:55 . 2002-04-01 07:39 43,648 --a------ c:\windows\system32\drivers\ousb2hub.sys
2008-10-28 22:55 . 2001-10-05 11:54 43,269 --a------ c:\windows\system32\drivers\tpp725.sys
2008-10-28 22:55 . 2002-04-01 07:39 29,696 --a------ c:\windows\system32\drivers\ousbehci.sys
2008-10-28 22:55 . 2001-10-05 11:53 21,866 --a------ c:\program files\Common Files\tppupd2k.dll
2008-10-28 22:55 . 2008-10-28 22:55 0 --a------ C:\UFantasy.ini
2008-10-27 22:42 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-10-27 22:42 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-10-26 23:22 . 2008-10-26 23:22 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-10-20 23:47 . 2008-11-03 19:09 4,767 --a------ c:\windows\Irremote.ini
2008-10-20 23:44 . 2008-11-04 00:54 <DIR> d-------- c:\program files\Windows Sidebar
2008-10-20 22:32 . 2008-10-20 22:32 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-10-17 21:47 . 2008-06-24 12:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-10-17 21:47 . 2008-06-23 16:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-17 21:19 . 2008-10-17 21:19 1,697,280 --a------ c:\documents and settings\Jon\Application Data\winexpl.exe
2008-10-15 22:07 . 2008-10-15 22:07 <DIR> d-------- c:\temp\Adobe
2008-10-14 21:40 . 2008-10-14 21:40 2,720 --a------ c:\windows\system32\settings.aaw
2008-10-14 21:40 . 2008-10-14 21:40 1,376 --a------ c:\windows\system32\history.aaw
2008-10-13 22:24 . 2008-10-13 22:24 <DIR> d-------- c:\program files\Lavasoft
2008-10-13 22:24 . 2008-10-13 22:24 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-13 22:24 . 2008-10-14 22:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 23:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-02 22:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-29 00:43 --------- d-----w c:\program files\TMPGEnc DVD Author 3
2008-10-29 00:43 --------- d-----w c:\program files\TMPGEnc 4.0 XPress
2008-10-29 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-10-29 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\comodo
2008-10-28 23:51 --------- d-----w c:\program files\DriverGenius
2008-10-24 20:35 --------- d-----w c:\documents and settings\Jon\Application Data\U3
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 00:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 06:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-12 23:09 --------- d-----w c:\program files\Wizardry 8
2008-10-08 23:06 --------- d-----w c:\program files\IsoBuster
2008-10-06 06:53 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-09-28 23:29 --------- d-----w c:\program files\GrabIt171
2008-09-27 00:10 --------- d-----w c:\program files\Microsoft ActiveSync
2008-09-17 23:48 --------- d-----w c:\program files\Windows Desktop Search
2008-09-17 23:45 --------- d-----w c:\documents and settings\Jon\Application Data\Comodo
2008-09-15 21:17 --------- d-----w c:\program files\Microsoft WSE
2008-09-15 21:16 --------- d-----w c:\program files\Family Tree Maker 2008
2008-09-11 21:50 --------- d-----w c:\program files\HTML Help Workshop
2008-06-16 21:35 92,064 ----a-w c:\documents and settings\Jon\mqdmmdm.sys
2008-06-16 21:35 9,232 ----a-w c:\documents and settings\Jon\mqdmmdfl.sys
2008-06-16 21:35 79,328 ----a-w c:\documents and settings\Jon\mqdmserd.sys
2008-06-16 21:35 66,656 ----a-w c:\documents and settings\Jon\mqdmbus.sys
2008-06-16 21:35 6,208 ----a-w c:\documents and settings\Jon\mqdmcmnt.sys
2008-06-16 21:35 5,936 ----a-w c:\documents and settings\Jon\mqdmwhnt.sys
2008-06-16 21:35 4,048 ----a-w c:\documents and settings\Jon\mqdmcr.sys
2008-06-16 21:35 25,600 ----a-w c:\documents and settings\Jon\usbsermptxp.sys
2008-06-16 21:35 22,768 ----a-w c:\documents and settings\Jon\usbsermpt.sys
2006-03-16 22:26 91 ----a-w c:\program files\Crash.log
2006-02-03 18:27 1,260,032 ----a-w c:\program files\VsoStart.exe
2005-11-07 14:55 2,082,304 ----a-w c:\program files\PcSetup.exe
2005-05-22 17:46 5,608,448 ----a-w c:\program files\VsoStartSkin.dll
2005-05-13 17:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r c:\windows\x2.64.exe
2008-07-16 22:22 168 --sh--r c:\windows\system32\0D567F53A4.sys
2007-05-29 21:55 88 --sh--r c:\windows\system32\10C4D9967A.sys
2005-06-26 15:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r c:\windows\system32\cygz.dll
2006-04-27 10:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 13:16 240,128 --sha-r c:\windows\system32\x.264.exe
2007-01-14 22:53 2,815,264 --sha-w c:\windows\system32\drivers\fidbox.dat
2007-01-14 22:53 97,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-05_22.23.41.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-05 23:55:36 2,535,424 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\0f26690c43ac85139172b205d0c5e31a\DriversHQ.DriverDetective.Client.ni.exe
+ 2008-11-05 23:55:39 57,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\66b5d9417069d39040b563cd51757a1d\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2008-11-05 23:55:39 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\aa44e20707330a28787ca921baa45bb8\DriversHQ.DriverDetective.Common.ni.dll
+ 2008-11-05 23:55:38 253,952 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ce5b2d51d90578b549732c919c0ddb40\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2008-11-05 23:55:40 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\8156e585829352ffed2b05fd3ceaea9a\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2008-11-05 23:55:47 2,441,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2008-11-05 23:55:49 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\84b97134b94449de89075277f80fc43f\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2008-11-05 23:55:41 368,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\de10584876f793036ef5eb208bbcc3c8\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2008-11-05 23:55:48 356,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\f0b8d81426ccacdd479c64ca04eb9649\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2008-11-05 23:55:48 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2008-11-05 23:55:43 1,064,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2008-11-05 23:55:50 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\1fcfda856b6a110ed833efa1ec27e647\XPBurnComponent.ni.dll
+ 2000-08-31 08:00:00 98,816 ----a-w c:\windows\sed.exe
- 2008-11-05 19:17:35 98,262 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-07 22:35:01 98,262 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-05 19:17:35 510,276 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-07 22:35:01 510,276 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5B12942-FB14-4889-A63E-343B85E36A09}]
2008-10-03 22:53 116992 --a------ c:\windows\system32\atmli.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"Norton Ghost 14.0"="c:\program files\Norton Ghost 14\Agent\VProTray.exe" [2008-05-07 2245984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 180269]
"TPP Auto Loader"="c:\windows\TPPALDR.EXE" [2002-06-24 118784]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2008-08-26 1103712]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\Logi_MwX.Exe]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.32.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.32.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.32.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Personal Firewall]
--a------ 2008-06-18 15:15 1313632 c:\program files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2008-05-15 16:29 54576 c:\program files\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-05-11 13:48 127118 c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-11-25 19:15 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 14:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

R0 bfenmtaa;bfenmtaa;c:\windows\system32\drivers\bfenmtaa.sys [2004-08-04 23424]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-09-21 9216]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2007-05-18 39424]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2005-08-25 11279]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-10-30 2368]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-08-04 5120]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe [2008-05-07 1558000]
R3 TPPFX;USB Storage Adapter FX (TPP);c:\windows\system32\DRIVERS\TPPFX.SYS [2002-06-24 32256]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [ ]
S2 P32LOAD;Intel(R) AnyPoint(R) 3240 USB Modem Firmware Loader;c:\windows\system32\DRIVERS\p31usbld.sys [2002-04-23 18906]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2005-08-25 11279]
S3 BIOSCHK;BIOSCHK;c:\temp\TIIF6.tmp\disk1\BIOSCHK.SYS [ ]
S3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\Drivers\CyUsbNT.sys [2005-02-16 28800]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2006-09-05 217600]
S3 TPP300;USB Storage Adapter V3 (TPP);c:\windows\system32\DRIVERS\TPP300.SYS [ ]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2006-12-02 48128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\A92534099192A881.job
- c:\docume~1\jon\applic~1\cashbu~1\mix anti cake.exe []
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 22:51:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\explorer.exe
-> c:\program files\iolo\common\lib\ioloHL.dll

PROCESS: c:\windows\system32\csrss.exe
-> c:\program files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\windows\system32\imapi.exe
c:\windows\TPPNTTRY.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Norton Ghost 14\Agent\VProSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\802.11 Wireless LAN\SiSWLSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2008-11-07 22:58:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-07 22:57:50
ComboFix2.txt 2008-11-07 22:37:31
ComboFix3.txt 2008-11-05 22:24:54

Pre-Run: 7,926,407,168 bytes free
Post-Run: 7,902,502,912 bytes free

292 --- E O F --- 2008-11-07 22:18:53

and the new hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:15, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Norton Ghost 14\Agent\VProTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\tppnttry.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C5B12942-FB14-4889-A63E-343B85E36A09} - C:\WINDOWS\system32\atmli.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "c:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost 14\Agent\VProTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/a...tent/AcpIR.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - c:\Program Files\Nero\Nero 9\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost 14\Agent\VProSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\SiSWLSvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost 14\Shared\Drivers\SymSnapService.exe

--
End of file - 12359 bytes

Jon

• Download Avenger by Swandog and unzip it to your Desktop.
  
  Note: This program must be run from an account with Administrator privileges.
  
  
• Open the Avenger folder and double click Avenger.exe to launch the programme.
• Copy the text in the code box below and Paste it into the Input script here: box.

• Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  
  
• Ensure the following:
  • Scan for Rootkits is checked.
  • Automatically disable any rootkits found is Unchecked.
• Press the Execute key.
• Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
• Post the log back here please. (it can also be found at C:\avenger.txt)

Hi crunchie

Here's the log produced

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\windows\system32\atmli.dll"
Deletion of file "c:\windows\system32\atmli.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

Please boot into safe mode and repeat the process. If it still does not work, we will try something else .

delete it via recovery console?

Hi crunchie

No joy with Avenger in safe mode either

here is the log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\windows\system32\atmli.dll"
Deletion of file "c:\windows\system32\atmli.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.