ComboFix 07-11-08.3 - makem 2007-11-13 22:45:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.228 [GMT 0:00]
Running from: C:\Documents and Settings\makem\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\makem\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\cuysickr.dll
C:\WINDOWS\system32\obtvcqwq.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-13 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-11 20:02 <DIR> d-------- C:\Magic
2007-11-11 20:01 <DIR> d-------- C:\DOSBox-0.72
2007-11-11 12:13 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-11 12:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-10 23:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 22:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-10 22:46 <DIR> d-------- C:\Documents and Settings\makem\Application Data\SUPERAntiSpyware.com
2007-11-10 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-10 21:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-04 20:13 <DIR> d-------- C:\Program Files\FlashFXP 3.4.1.1179
2007-11-04 17:54 729,088 --a------ C:\WINDOWS\iun6002.exe
2007-11-04 17:53 <DIR> d-------- C:\Program Files\Azureus
2007-11-04 14:33 <DIR> d-------- C:\Program Files\No-IP
2007-11-02 19:29 <DIR> d-------- C:\Documents and Settings\makem\Downloads
2007-11-02 19:29 <DIR> d-------- C:\Documents and Settings\makem\Application Data\NewsLeecher
2007-11-02 19:27 <DIR> d-------- C:\Program Files\NewsLeecher
2007-11-01 18:50 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-01 18:50 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-01 18:50 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-01 18:50 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-01 18:50 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-01 18:50 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-01 18:50 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-01 18:50 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-30 21:02 <DIR> d-------- C:\Program Files\QuickTime
2007-10-30 21:02 <DIR> d-------- C:\Program Files\Apple Software Update
2007-10-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-10-23 11:58 <DIR> d-------- C:\Program Files\IrfanView
2007-10-23 11:10 <DIR> d-------- C:\Documents and Settings\makem\Application Data\Logitech
2007-10-23 11:08 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-10-23 11:06 <DIR> d-------- C:\Program Files\Logitech
2007-10-23 11:06 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-10-23 11:06 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-23 11:06 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-23 11:06 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-23 11:06 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-10-23 11:06 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-10-23 11:06 55,808 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-10-23 11:06 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-23 11:06 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-10-23 11:06 27,008 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-10-17 20:53 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-10-17 20:53 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-10-17 13:05 <DIR> d-------- C:\Program Files\Resco
2007-10-17 13:05 90,112 --a------ C:\WINDOWS\RSetupCE.exe
2007-10-16 23:21 <DIR> d-------- C:\Program Files\Westtek
2007-10-16 16:47 <DIR> d-------- C:\Program Files\Radmin Viewer 3.0
2007-10-16 16:47 <DIR> d-------- C:\Documents and Settings\makem\Application Data\Radmin
2007-10-16 16:16 <DIR> d-------- C:\Program Files\Ilium Software
2007-10-15 20:38 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-15 20:38 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-15 20:38 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 22:05 --------- d-----w C:\Program Files\Microsoft Money
2007-11-13 21:08 --------- d-----w C:\Program Files\DigiGuide TV Guide
2007-11-13 21:06 --------- d-----w C:\Program Files\zone_mIRC
2007-11-13 21:06 --------- d-----w C:\Program Files\tz_mIRC
2007-11-13 21:06 --------- d-----w C:\Program Files\tbsg_mIRC
2007-11-13 19:49 --------- d-----w C:\Program Files\GuildFTPd
2007-11-13 19:14 --------- d-----w C:\Program Files\geordies_mIRC
2007-11-13 19:13 --------- d-----w C:\Documents and Settings\makem\Application Data\MailWasherPro
2007-11-13 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 00:15 --------- d-----w C:\Program Files\FlashFXP
2007-11-10 22:56 --------- d-----w C:\Documents and Settings\makem\Application Data\U3
2007-11-10 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 18:29 --------- d-----w C:\Documents and Settings\makem\Application Data\Lavasoft
2007-11-10 18:23 --------- d-----w C:\Program Files\Lavasoft
2007-11-06 19:43 --------- d-----w C:\Program Files\BitTornado
2007-11-01 18:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-23 11:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-15 19:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-08 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-06 22:31 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-06 22:30 --------- d-----w C:\Program Files\Nero
2007-10-06 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-06 13:46 --------- d-----w C:\Program Files\AskTBar
2007-10-05 22:33 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-05 22:33 286,720 ------w C:\WINDOWS\SETUP1.EXE
2007-10-05 22:33 --------- d-----w C:\Program Files\Brad Smith
2007-10-05 16:42 --------- d-----w C:\Program Files\Microsoft AutoRoute
2007-10-04 00:05 --------- d-----w C:\Documents and Settings\makem\Application Data\Nero
2007-10-03 22:55 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-03 20:35 --------- d-----w C:\Documents and Settings\makem\Application Data\dvdcss
2007-10-03 20:13 --------- d-----w C:\Documents and Settings\makem\Application Data\.BitTornado
2007-10-02 20:16 --------- d-----w C:\Program Files\Real
2007-10-02 20:16 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-02 20:16 --------- d-----w C:\Program Files\Common Files\Real
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-22 18:23 --------- d-----w C:\Documents and Settings\makem\Application Data\Kingsoft
2007-09-22 17:40 --------- d-----w C:\Program Files\Common Files\Kingsoft
2007-09-22 17:39 --------- d-----w C:\Program Files\Kingsoft
2007-09-22 07:53 --------- d-----w C:\Program Files\SecCopy
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-18 17:24 --------- d-----w C:\Program Files\Blowfish Advanced 211
2007-09-18 17:13 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-09-18 17:13 --------- d-----w C:\Documents and Settings\makem\Application Data\TuneUp Software
2007-09-18 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-09-18 16:53 --------- d-----w C:\Documents and Settings\makem\Application Data\vlc
2007-09-18 16:50 --------- d-----w C:\Program Files\VideoLAN
2007-08-21 06:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 18:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 18:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 18:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 18:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 18:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 18:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 18:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 18:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 18:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-12-18 11:39]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-12-29 13:06]
"V0250Mon.exe"="C:\WINDOWS\V0250Mon.exe" [2006-06-08 00:00]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 16:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-15 20:37]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 16:38 C:\WINDOWS\KHALMNPR.Exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"NWEReboot"="" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
C:\Documents and Settings\makem\Start Menu\Programs\Startup\
GuildFTPd - FTP server deamon.lnk - C:\Program Files\GuildFTPd\GuildFTPd.exe [2007-10-04 13:20:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
R3 V0250Dev;Live! Cam Notebook Pro;C:\WINDOWS\system32\DRIVERS\V0250Dev.sys
R3 V0250Vfx;V0250Vfx;C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c65c478-468e-11dc-909d-00037af9450c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 17:16:27 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-13 22:46:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-13 22:47:21
.
--- E O F ---
HJ log with iseeu.exe:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:34, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\GuildFTPd\GuildFTPd.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\geordies_mIRC\mirc.exe
C:\Program Files\tbsg_mIRC\mirc.exe
C:\Program Files\tz_mIRC\mirc.exe
C:\Program Files\zone_mIRC\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Microsoft Money\System\misuser.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\iseeu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GuildFTPd - FTP server deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ ... /CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - -"C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 7084 bytes
Many thanks