CID back again

  1. #1
    Franksie, Full Member

    CID back again

    Hi, thanks for your help in the past, but the dreaded CiD is back can you help me please?

    HJT Log


    Logfile of HijackThis v1.99.1
    Scan saved at 15:30:18, on 04/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\CCleaner\ccleaner.exe
    C:\Documents and Settings\Paula\Desktop\Anti Spyware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\vtylmfnj.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
    O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\face readme.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAC9C9B-1457-4EEF-AC03-9CCE9B4459E8}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Uninstall list

    3GP Video Converter 3
    8PlayerPatch
    AC3Filter (remove only)
    Adobe Flash Player ActiveX
    Adobe Photoshop CS
    Adobe Reader 7.0
    Adobe Shockwave Player
    Apple Mobile Device Support
    Apple Software Update
    ATI Display Driver
    Audio2VCD
    AVG 7.5
    AVG Anti-Spyware 7.5
    AVI DivX to DVD SVCD VCD Converter 1.1.2
    AVI to VCD/DVD 4.02
    AviSynth 2.5
    BlueSoleil
    Boilosft AVI to VCD SVCD DVD Converter 1.28
    Broadcom Advanced Control Suite 2
    Broadcom Gigabit Integrated Controller
    Broken Sword - The Sleeping Dragon
    BT Softphone 1.5.3.6
    BT Voyager Wireless Utility
    BT Yahoo! Applications
    CCleaner (remove only)
    CloneCD
    CloneDVD 3.5
    Command & Conquer Generals
    Command & Conquer Tiberian Sun
    Command and ConquerTM Generals Zero Hour
    ConvertMovie 2.0
    coverXP (remove only)
    Crimson Skies (c) Microsoft
    Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.17
    Cucusoft MPEG to DVD Burner 2.18
    Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.07.1
    Dan Elwell's Broadband Speed Test
    DC++ 0.699
    Dell ResourceCD
    DivX Player
    Driving Test Success 2003-2004
    DVD Flick
    EA SPORTS online 2007
    EPSON CardMonitor
    EPSON PhotoQuicker3.5
    EPSON PhotoStarter3.1
    EPSON Print CD
    EPSON PRINT Image Framer Tool2.1
    EPSON Printer Software
    ESPR300 Reference Guide
    ESPR300 Software Guide
    ESPR300 Standalone Guide
    FamilyFeudOnlineParty (remove only)
    Free Video to iPod Converter version 2.4
    Google Earth
    Google SketchUp 6
    Google SketchUp 6
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Video Player
    Half-Life(R) 2
    Hazard Perception Training 2003-2004
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Huffyuv AVI lossless video codec (Remove Only)
    Image Resizer Powertoy for Windows XP
    Intel(R) 537EP V9x DF PCI Modem
    IrfanView (remove only)
    IsoBuster 2.1
    iTunes
    Java(TM) 6 Update 2
    Jewel Quest (remove only)
    Luxor
    Luxor
    Luxor - Amun Rising
    Luxor 2 (remove only)
    Macromedia Authorware Web Player
    Media Manager for WALKMAN 1.1
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Crimson Skies
    Microsoft Halo
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Monopoly
    MSN
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 Parser and SDK
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Norton Spyware Scan provided by Yahoo!
    OpenMG Secure Module 4.7.00
    PC Connectivity Solution
    PC VGA Camer@
    PIF DESIGNER2.1
    PowerDVD 5.3
    Quick CD/DVD Burner V2.6
    QuickTime
    RealPlayer
    Registry Mechanic 4.0
    Restaurant Empire
    Scrabble (remove only)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944653)
    Shockwave
    Silent Hunter III
    Sim AQUARIUM 2
    SimAQUARIUM2 Tank-1 Screensaver
    Sky Broadband
    Skype 2.0
    Sonic 3D
    Sonic DLA
    SoundFont Bank Manager
    Spybot - Search & Destroy 1.4
    Steam(TM)
    Super DVD Creator 5.0
    The Sims
    The Sims 2
    Theme Hospital
    Total Annihilation
    Trust Webcam 14823
    Uninstall 1.0.0.0
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    V5388 Digital Camera Driver
    VCDEasy
    VideoLAN VLC media player 0.8.6a
    Westwood Shared Internet Components
    WinAce Archiver
    WinAVI VideoConverter
    WinAVIVideoConverter
    Windows Defender
    Windows Defender Signatures
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    WinRAR archiver
    WinZip
    Zuma Deluxe 1.0


  2. #2
    Neal, Dedicated Member
    Here is the reason for the infection below

    Messenger Plus! Live & Sponsor (CiD)

    Uninstall from add/remove program and follow prompts as you uninstall

    Reboot after the uninstall

    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

    Please download and install the latest version of HijackThis v2.0.2:

    CLICK HERE to download the HijackThis Installer: http://www.trendsecure.com/portal/en...HJTInstall.exe

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
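    The checks a helper applies by eye to the O2/O4/O20 lines of a HijackThis log like the one in #1 (Run values whose executable lives under Documents and Settings\...\Application Data, entries marked "(file missing)", value names made of unrelated words), written out as an added example. It is not part of either post and not HijackThis's own logic; the function and class names are made up for the example, and the sample log is constructed from lines in the style of the one posted above.

```python
"""Triage pass over HijackThis O2/O4/O20 lines (added example, hypothetical names).

Nothing is deleted or fixed; the output is a list of entries worth a second look,
with the reason each one was flagged.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the style of the log posted in #1 above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\vtylmfnj.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
O4 - HKLM\..\Run: [64 inter flaw hold] C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\face readme.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cdrom wait] C:\DOCUME~1\Paula\APPLIC~1\OPTION~1\WARN ENC.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# First executable on a Run command line: optional quotes, then everything up to .exe/.dll/.cpl.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|cpl))"?', re.IGNORECASE)

# Long and 8.3 forms of the XP profile root; legitimate autostarts rarely live there.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\")
MISSING = "(file missing)"


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def first_executable(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def looks_like_word_salad(name: str) -> bool:
    """Two or more plain alphanumeric tokens and no file extension."""
    tokens = name.split()
    return len(tokens) >= 2 and all(t.isalnum() for t in tokens)


def triage_line(line: str):
    line = line.strip()
    if m := O4_RE.match(line):
        exe = first_executable(m["cmd"])
        reasons = []
        if any(marker in exe.lower() for marker in PROFILE_MARKERS):
            reasons.append("autostart runs from a user profile / Application Data directory")
            if m["hive"] == "HKLM":
                reasons.append("machine-wide HKLM Run value points into a per-user location")
        if MISSING in m["cmd"].lower():
            reasons.append("target file missing (orphaned entry)")
        # Weak signal on its own ("Windows Defender" matches too), so only reported with a stronger one.
        if reasons and looks_like_word_salad(m["name"]):
            reasons.append("value name is a string of unrelated words")
        return Finding("O4", m["name"], exe, reasons) if reasons else None
    if m := O2_RE.match(line):
        reasons = []
        if MISSING in m["path"].lower():
            reasons.append("BHO registered but its DLL is missing")
            if m["name"] == "(no name)":
                reasons.append("BHO has no registered name")
        return Finding("O2", m["name"], m["path"], reasons) if reasons else None
    if m := O20_RE.match(line):
        reasons = []
        if MISSING in m["path"].lower():
            reasons.append("Winlogon Notify package whose DLL is missing")
        if "\\" not in m["path"]:
            reasons.append("bare DLL name, resolved via the search path rather than an absolute path")
        return Finding("O20", m["name"], m["path"], reasons) if reasons else None
    return None


def triage(log_text: str) -> list:
    """Return one Finding per flagged line, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def report(findings) -> str:
    lines = []
    for f in findings:
        lines.append(f"{f.section} [{f.name}] -> {f.path}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it flags exactly the three Application Data autostarts, the missing-file BHO and the missing winuns32 Notify package, and leaves Windows Defender, ctfmon, the Bluetooth agent and WgaLogon alone.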

  3. #3
    Franksie, Full Member
    Thx 4 that....... here is the ComboFix log

    ComboFix 08-01-04.1 - Paula 2008-01-07 13:25:55.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.528 [GMT 0:00]
    Running from: C:\Documents and Settings\Paula\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\6KX9RYPN\iforex.com
    C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\#SharedObjects\6KX9RYPN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Paula\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\gc_407.cnf
    C:\WINDOWS\gsc_407.cnf
    C:\WINDOWS\system32\drivers\sfsync02.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SFSYNC02
    -------\sfsync02


    ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
    .

    2008-01-07 13:39 . 2008-01-07 13:39 16,384 --a------ C:\WINDOWS\~DFF755.tmp
    2008-01-07 13:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-04 16:05 . 2008-01-04 16:07 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\PrevxCSI
    2008-01-04 16:05 . 2008-01-04 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-01-04 15:55 . 2008-01-04 16:06 <DIR> d-------- C:\sUBs
    2007-12-30 19:14 . 2007-12-30 19:14 <DIR> d-------- C:\Program Files\iPod
    2007-12-30 19:08 . 2008-01-07 13:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 19:08 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-12-30 19:08 . 2007-12-30 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 19:07 . 2007-12-30 19:07 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-12-22 12:26 . 2007-12-22 12:26 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2007-12-22 12:25 . 2007-12-22 12:25 <DIR> d-------- C:\Program Files\DVDVideoSoft
    2007-12-22 11:29 . 2007-12-22 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
    2007-12-22 11:25 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-22 11:24 . 2007-12-22 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-22 11:22 . 2007-12-22 11:22 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\Sony Setup
    2007-12-16 18:57 . 2008-01-07 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter
    2007-12-16 16:50 . 2007-12-16 16:50 <DIR> d-------- C:\WINDOWS\Google Toolbar
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
    2007-12-09 12:38 . 2007-12-09 12:38 <DIR> d-------- C:\Program Files\BT Voyager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 13:22 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 21:58 --------- d-----w C:\Program Files\DC++
    2008-01-04 15:57 1,060 ----a-w C:\delete.bat
    2008-01-04 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-31 19:43 --------- d-----w C:\Documents and Settings\Paula\Application Data\Apple Computer
    2007-12-30 19:14 --------- d-----w C:\Program Files\iTunes
    2007-12-22 11:29 --------- d-----w C:\Documents and Settings\Paula\Application Data\Sony
    2007-12-22 11:26 --------- d-----w C:\Program Files\Sony
    2007-12-22 11:24 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-22 11:21 --------- d-----w C:\Program Files\Sony Setup
    2007-12-22 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-22 11:19 --------- d-----w C:\Program Files\Common Files\Sony Shared
    2007-12-16 19:13 --------- d-----w C:\Documents and Settings\Paula\Application Data\uTorrent
    2007-12-09 12:38 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
    2007-12-04 21:05 --------- d-----w C:\Program Files\iWin
    2007-11-17 13:05 --------- d-----w C:\Program Files\ArcSoft
    2007-11-17 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-17 12:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-17 12:07 --------- d-----w C:\Program Files\Yahoo!
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 17:14 --------- d-----w C:\Documents and Settings\Paula\Application Data\Nokia Multimedia Player
    2007-11-09 16:25 --------- d-----w C:\Program Files\Sky Broadband
    2007-11-07 14:05 --------- d-----w C:\Documents and Settings\Paula\Application Data\Nokia
    2007-11-07 13:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-11-07 13:09 --------- d-----w C:\Program Files\PC Connectivity Solution
    2007-11-07 13:09 --------- d-----w C:\Program Files\Nokia
    2007-11-07 13:09 --------- d-----w C:\Program Files\DIFX
    2007-11-07 13:09 --------- d-----w C:\Program Files\Common Files\PCSuite
    2007-11-07 13:09 --------- d-----w C:\Program Files\Common Files\Nokia
    2007-11-07 13:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2006-12-10 12:38 146,944 --sha-w C:\Program Files\Thumbs.db
    2006-01-11 15:18 11,061,517 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
    2001-10-11 13:52 1 ----a-w C:\Program Files\lnpth.lnf
    2001-10-11 13:22 4,973,337 ----a-w C:\Program Files\unpack.exe
    2001-10-11 13:18 44 ----a-w C:\Program Files\setup.lun
    2001-09-18 19:23 526 ----a-w C:\Program Files\tipke.lkf
    2001-09-18 19:23 14 ----a-w C:\Program Files\conf.lun
    2001-09-18 19:23 1 ----a-w C:\Program Files\cnfx.lun
    2001-09-18 19:21 427,757 ----a-w C:\Program Files\autosave.sav
    2001-09-18 19:21 0 -c--a-w C:\Program Files\tmp.txt
    2001-09-18 19:13 0 -c--a-w C:\Program Files\tmpd.txt
    2001-09-18 19:13 0 -c--a-w C:\Program Files\objekti.lun
    2001-09-13 20:39 162 ---ha-w C:\Program Files\~$help.doc
    2001-08-24 14:01 81,408 ----a-w C:\Program Files\Read me.doc
    2001-08-24 13:34 3,247,104 ----a-w C:\Program Files\help.doc
    2001-08-24 12:56 66,612 ----a-w C:\Program Files\production_1.bmp
    2001-08-23 14:02 66,612 ----a-w C:\Program Files\nuklea.BMP
    2001-08-23 13:07 66,616 ----a-w C:\Program Files\center.bmp
    2001-08-23 12:58 66,612 ----a-w C:\Program Files\inflat.bmp
    2001-08-22 08:28 96,588 ----a-w C:\Program Files\razgovor.lun
    2001-08-21 15:00 7,102,692 ----a-w C:\Program Files\pocetak.wav
    2001-08-21 01:46 66,616 ----a-w C:\Program Files\Main_2.bmp
    2001-08-21 01:46 66,616 ----a-w C:\Program Files\Main_1.bmp
    2001-08-20 17:02 17,208 ----a-w C:\Program Files\miss_8.bmp
    2001-08-20 17:00 5,104 ----a-w C:\Program Files\lem2_n.bmp
    2001-08-20 16:57 4,592 ----a-w C:\Program Files\21_n.bmp
    2001-08-20 16:57 4,576 ----a-w C:\Program Files\58_n.bmp
    2001-08-18 13:18 561,152 ----a-w C:\Program Files\MT.exe
    2001-08-16 14:28 66,616 ----a-w C:\Program Files\legacy_2.bmp
    2001-08-16 14:28 66,616 ----a-w C:\Program Files\legacy_1.bmp
    2001-08-16 14:27 66,616 ----a-w C:\Program Files\legacy_4.bmp
    2001-08-16 14:27 66,616 ----a-w C:\Program Files\legacy_3.bmp
    2001-08-03 19:06 36,864 ----a-w C:\Program Files\nadji.exe
    2001-07-30 13:17 13 ----a-w C:\Program Files\rzts.lun
    2001-07-18 16:27 174 ----a-w C:\Program Files\playlist.lun
    2001-07-18 07:19 66,616 ----a-w C:\Program Files\medical.bmp
    2001-07-18 07:19 5,176 ----a-w C:\Program Files\medical_m.bmp
    2001-07-18 07:19 5,176 ----a-w C:\Program Files\medi_m.bmp
    2001-07-12 15:36 98,304 ----a-w C:\Program Files\test.exe
    2001-07-02 10:53 139 ----a-w C:\Program Files\Moon Tycoon web page.url
    2001-07-02 10:26 160,768 ----a-w C:\Program Files\Moon_Tycoon_Setup.exe
    2001-07-02 07:29 5,912 ----a-w C:\Program Files\obj.lun
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_4.bmp
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_3.bmp
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_2.bmp
    2001-07-01 20:18 66,612 ----a-w C:\Program Files\crowd_1.bmp
    2001-07-01 19:30 5,172 ----a-w C:\Program Files\inflat_m.bmp
    2001-07-01 19:21 5,176 ----a-w C:\Program Files\mega1_m.bmp
    2001-07-01 19:10 5,172 ----a-w C:\Program Files\advhab_m.bmp
    2001-07-01 19:10 5,172 ----a-w C:\Program Files\advha2_m.bmp
    2001-07-01 19:04 5,172 ----a-w C:\Program Files\remote_m.bmp
    2001-07-01 19:03 17,460 ----a-w C:\Program Files\tube2.bmp
    2001-07-01 18:58 5,172 ----a-w C:\Program Files\sbuild_m.bmp
    2001-07-01 18:57 5,172 ----a-w C:\Program Files\dark_m.bmp
    2001-07-01 18:53 5,172 ----a-w C:\Program Files\alpowe_m.bmp
    2001-07-01 18:52 5,172 ----a-w C:\Program Files\tvorni_m.bmp
    2001-07-01 18:51 481,076 ----a-w C:\Program Files\new2_800.bmp
    2001-07-01 18:48 5,172 ----a-w C:\Program Files\nucle_m.bmp
    2001-07-01 18:47 787,508 ----a-w C:\Program Files\new2_1024.bmp
    2001-07-01 18:47 5,172 ----a-w C:\Program Files\slab_m.bmp
    2001-07-01 18:47 5,172 ----a-w C:\Program Files\oxyg_m.bmp
    2001-07-01 18:46 5,172 ----a-w C:\Program Files\stadiu_m.bmp
    2001-07-01 18:42 308,276 ----a-w C:\Program Files\new2_640.bmp
    2001-07-01 18:03 66,612 ----a-w C:\Program Files\voice_2.bmp
    2001-07-01 18:02 66,612 ----a-w C:\Program Files\voice_1.bmp
    2001-07-01 18:01 66,612 ----a-w C:\Program Files\voice_4.bmp
    2001-07-01 18:01 66,612 ----a-w C:\Program Files\voice_3.bmp
    2001-07-01 17:40 66,612 ----a-w C:\Program Files\ad-re_1.bmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-12-02 20:05 1266936]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 15:30 68856]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30 1491216]
    "Chronograph"="C:\Program Files\Chronograph\chrono.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939]
    "NWEReboot"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 20:36 180269]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 03:00 99840]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-12 13:55 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54 339968]
    "SMART Mirror Driver Monitor Service"="C:\Documents and Settings\Paula\Application Data\" [2008-01-07 13:23 0]
    "bind second blue platform"="C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe" [ ]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 02:10 579072]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-17 12:13 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]
    winuns32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-23 18:19 57344 --------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
    2006-07-31 20:00 19857408 --a------ C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    2006-07-21 15:19 129536 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    R3 smrtdrv;SMART Technologies Inc. Mirror Driver;C:\WINDOWS\system32\DRIVERS\smrtdrv.sys [2007-06-01 12:45]
    S2 mwEvtMgr;Microsoft Windows Event Manager;C:\WINDOWS\system32\mwEvtMgr.exe [2005-10-13 19:37]
    S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe [2007-06-01 12:45]
    S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
    S3 kbeepm;kbeepm;C:\DOCUME~1\Paula\LOCALS~1\Temp\kbeepm.sys []
    S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-07-20 06:20]
    S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 12:34]
    S3 STV673;STV0673 Camera;C:\WINDOWS\system32\drivers\STV673.sys [2000-09-15 10:12]
    S3 ulusba;NEC 616 Command Port Driver;C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-22 16:00]
    S3 ulusbc;NEC 616 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-22 16:00]
    S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-22 16:00]
    S3 ulusbm;NEC 616 Modem Driver;C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-22 16:00]
    S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-23 16:00]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-22 11:24:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-07 13:42:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 13:39:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet??E

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-07 13:50:53 - machine was rebooted [Paula]
    ComboFix-quarantined-files.txt 2008-01-07 13:50:51
    ComboFix2.txt 2007-12-17 12:39:15
    ComboFix3.txt 2007-08-22 15:58:32
    .
    2007-12-28 01:40:57 --- E O F ---




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:18:00, on 07/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
    O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAC9C9B-1457-4EEF-AC03-9CCE9B4459E8}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 11998 bytes

  4. #4
    Neal is offline Dedicated Member
    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\~DFF755.tmp


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html



    Open notepad and copy/paste the text in the quotebox below into it: NOT THE WORD QUOTE

    Folder::
    C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter
    C:\Documents and Settings\All Users\Application Data\plus burn bind second

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bind second blue platform"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]


    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Last edited by Neal; 07-01-2008 at 11:04 PM.
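A small triage script, added here as an example (it is not part of this thread, nor of HijackThis or ComboFix), that applies the same judgement Neal applied by hand: it parses a few O4/O20/O23 lines copied from the log above and flags autostarts launched from an Application Data folder, Winlogon Notify packages whose DLL is gone, and services whose binary is missing. The heuristic names, severities and the `triage` function are my own.

```python
"""Triage heuristics for HijackThis O4 / O20 / O23 lines.

Added example, not code from the thread or from HijackThis/ComboFix.
The sample lines are copied from the log posted above; everything else
(regexes, severities, reasons) is an assumption of this example.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: lines from the HijackThis log in this thread. The
# SMART Mirror line is written as a normal string because it ends in a
# backslash (the value really is truncated that way in the log).
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r'O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    "O4 - HKLM\\..\\Run: [SMART Mirror Driver Monitor Service] \"C:\\Documents and Settings\\Paula\\Application Data\\",
    r'O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)',
    r'O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)',
    r'O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe',
])

# HijackThis line shapes (as printed by v2.0.2 in the log above).
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$')

# First token that ends in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs))', re.IGNORECASE)

# Per-user and All Users data folders: programs do not normally autostart from here.
DATA_DIRS = ("\\application data\\", "\\local settings\\temp\\")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def image_path(cmd: str) -> Optional[str]:
    """Return the lower-cased executable path of a Run value, or None if
    the value carries no recognisable image (empty or truncated)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path").lower() if m else None


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every line and collect what fires."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            if path is None:
                findings.append(("medium", "Run value has no usable image path (empty or truncated)", line))
            elif any(d in path for d in DATA_DIRS):
                findings.append(("high", "logon autostart launched from a data folder", line))
            continue
        m = O20_RE.match(line)
        if m:
            if "(file missing)" in m.group("dll"):
                findings.append(("high", "Winlogon Notify package whose DLL is gone (dangling load point)", line))
            else:
                findings.append(("medium", "non-default Winlogon Notify package", line))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            findings.append(("low", "service whose binary is missing (orphaned entry)", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The two "high" hits are exactly the entries Neal's CFScript removes (the PileOwns.exe Run value and the winuns32 Notify key); the benign Windows Defender, ctfmon and AVG lines produce nothing.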

  5. #5
    Franksie is offline Full Member
    Thx again

    COMBO FIX

    ComboFix 08-01-04.1 - Paula 2008-01-12 10:37:38.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.524 [GMT 0:00]
    Running from: C:\Documents and Settings\Paula\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Paula\Desktop\CFScript
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
    .

    2008-01-10 11:56 . 2008-01-10 11:56 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\Roxio
    2008-01-10 11:37 . 2008-01-10 11:56 <DIR> d-------- C:\Program Files\Napster
    2008-01-10 11:37 . 2008-01-10 11:37 <DIR> d-------- C:\Program Files\Common Files\Napster Shared
    2008-01-10 11:37 . 2008-01-10 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
    2008-01-07 13:39 . 2008-01-07 13:39 16,384 --a------ C:\WINDOWS\~DFF755.tmp
    2008-01-07 13:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-04 16:05 . 2008-01-04 16:07 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\PrevxCSI
    2008-01-04 16:05 . 2008-01-04 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-01-04 15:55 . 2008-01-04 16:06 <DIR> d-------- C:\sUBs
    2007-12-30 19:14 . 2007-12-30 19:14 <DIR> d-------- C:\Program Files\iPod
    2007-12-30 19:08 . 2008-01-12 09:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-30 19:08 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-12-30 19:08 . 2007-12-30 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-30 19:07 . 2007-12-30 19:07 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-12-22 12:26 . 2007-12-22 12:26 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2007-12-22 12:25 . 2007-12-22 12:25 <DIR> d-------- C:\Program Files\DVDVideoSoft
    2007-12-22 11:29 . 2007-12-22 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
    2007-12-22 11:25 . 2007-12-30 19:12 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-22 11:24 . 2007-12-22 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-22 11:22 . 2007-12-22 11:22 <DIR> d-------- C:\Documents and Settings\Paula\Application Data\Sony Setup
    2007-12-16 18:57 . 2008-01-07 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter
    2007-12-16 16:50 . 2007-12-16 16:50 <DIR> d-------- C:\WINDOWS\Google Toolbar

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-10 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-07 13:22 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-06 21:58 --------- d-----w C:\Program Files\DC++
    2008-01-04 15:57 1,060 ----a-w C:\delete.bat
    2008-01-04 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-31 19:43 --------- d-----w C:\Documents and Settings\Paula\Application Data\Apple Computer
    2007-12-30 19:14 --------- d-----w C:\Program Files\iTunes
    2007-12-22 11:29 --------- d-----w C:\Documents and Settings\Paula\Application Data\Sony
    2007-12-22 11:26 --------- d-----w C:\Program Files\Sony
    2007-12-22 11:24 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-22 11:21 --------- d-----w C:\Program Files\Sony Setup
    2007-12-22 11:19 --------- d-----w C:\Program Files\Common Files\Sony Shared
    2007-12-16 19:13 --------- d-----w C:\Documents and Settings\Paula\Application Data\uTorrent
    2007-12-09 12:38 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
    2007-12-09 12:38 --------- d-----w C:\Program Files\BT Voyager
    2007-12-04 21:05 --------- d-----w C:\Program Files\iWin
    2007-11-17 13:05 --------- d-----w C:\Program Files\ArcSoft
    2007-11-17 12:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-17 12:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-17 12:07 --------- d-----w C:\Program Files\Yahoo!
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2006-12-10 12:38 146,944 --sha-w C:\Program Files\Thumbs.db
    2006-01-11 15:18 11,061,517 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
    2001-10-11 13:52 1 ----a-w C:\Program Files\lnpth.lnf
    2001-10-11 13:22 4,973,337 ----a-w C:\Program Files\unpack.exe
    2001-10-11 13:18 44 ----a-w C:\Program Files\setup.lun
    2001-09-18 19:23 526 ----a-w C:\Program Files\tipke.lkf
    2001-09-18 19:23 14 ----a-w C:\Program Files\conf.lun
    2001-09-18 19:23 1 ----a-w C:\Program Files\cnfx.lun
    2001-09-18 19:21 427,757 ----a-w C:\Program Files\autosave.sav
    2001-09-18 19:21 0 -c--a-w C:\Program Files\tmp.txt
    2001-09-18 19:13 0 -c--a-w C:\Program Files\tmpd.txt
    2001-09-18 19:13 0 -c--a-w C:\Program Files\objekti.lun
    2001-09-13 20:39 162 ---ha-w C:\Program Files\~$help.doc
    2001-08-24 14:01 81,408 ----a-w C:\Program Files\Read me.doc
    2001-08-24 13:34 3,247,104 ----a-w C:\Program Files\help.doc
    2001-08-24 12:56 66,612 ----a-w C:\Program Files\production_1.bmp
    2001-08-23 14:02 66,612 ----a-w C:\Program Files\nuklea.BMP
    2001-08-23 13:07 66,616 ----a-w C:\Program Files\center.bmp
    2001-08-23 12:58 66,612 ----a-w C:\Program Files\inflat.bmp
    2001-08-22 08:28 96,588 ----a-w C:\Program Files\razgovor.lun
    2001-08-21 15:00 7,102,692 ----a-w C:\Program Files\pocetak.wav
    2001-08-21 01:46 66,616 ----a-w C:\Program Files\Main_2.bmp
    2001-08-21 01:46 66,616 ----a-w C:\Program Files\Main_1.bmp
    2001-08-20 17:02 17,208 ----a-w C:\Program Files\miss_8.bmp
    2001-08-20 17:00 5,104 ----a-w C:\Program Files\lem2_n.bmp
    2001-08-20 16:57 4,592 ----a-w C:\Program Files\21_n.bmp
    2001-08-20 16:57 4,576 ----a-w C:\Program Files\58_n.bmp
    2001-08-18 13:18 561,152 ----a-w C:\Program Files\MT.exe
    2001-08-16 14:28 66,616 ----a-w C:\Program Files\legacy_2.bmp
    2001-08-16 14:28 66,616 ----a-w C:\Program Files\legacy_1.bmp
    2001-08-16 14:27 66,616 ----a-w C:\Program Files\legacy_4.bmp
    2001-08-16 14:27 66,616 ----a-w C:\Program Files\legacy_3.bmp
    2001-08-03 19:06 36,864 ----a-w C:\Program Files\nadji.exe
    2001-07-30 13:17 13 ----a-w C:\Program Files\rzts.lun
    2001-07-18 16:27 174 ----a-w C:\Program Files\playlist.lun
    2001-07-18 07:19 66,616 ----a-w C:\Program Files\medical.bmp
    2001-07-18 07:19 5,176 ----a-w C:\Program Files\medical_m.bmp
    2001-07-18 07:19 5,176 ----a-w C:\Program Files\medi_m.bmp
    2001-07-12 15:36 98,304 ----a-w C:\Program Files\test.exe
    2001-07-02 10:53 139 ----a-w C:\Program Files\Moon Tycoon web page.url
    2001-07-02 10:26 160,768 ----a-w C:\Program Files\Moon_Tycoon_Setup.exe
    2001-07-02 07:29 5,912 ----a-w C:\Program Files\obj.lun
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_4.bmp
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_3.bmp
    2001-07-01 20:19 66,612 ----a-w C:\Program Files\crowd_2.bmp
    2001-07-01 20:18 66,612 ----a-w C:\Program Files\crowd_1.bmp
    2001-07-01 19:30 5,172 ----a-w C:\Program Files\inflat_m.bmp
    2001-07-01 19:21 5,176 ----a-w C:\Program Files\mega1_m.bmp
    2001-07-01 19:10 5,172 ----a-w C:\Program Files\advhab_m.bmp
    2001-07-01 19:10 5,172 ----a-w C:\Program Files\advha2_m.bmp
    2001-07-01 19:04 5,172 ----a-w C:\Program Files\remote_m.bmp
    2001-07-01 19:03 17,460 ----a-w C:\Program Files\tube2.bmp
    2001-07-01 18:58 5,172 ----a-w C:\Program Files\sbuild_m.bmp
    2001-07-01 18:57 5,172 ----a-w C:\Program Files\dark_m.bmp
    2001-07-01 18:53 5,172 ----a-w C:\Program Files\alpowe_m.bmp
    2001-07-01 18:52 5,172 ----a-w C:\Program Files\tvorni_m.bmp
    2001-07-01 18:51 481,076 ----a-w C:\Program Files\new2_800.bmp
    2001-07-01 18:48 5,172 ----a-w C:\Program Files\nucle_m.bmp
    2001-07-01 18:47 787,508 ----a-w C:\Program Files\new2_1024.bmp
    2001-07-01 18:47 5,172 ----a-w C:\Program Files\slab_m.bmp
    2001-07-01 18:47 5,172 ----a-w C:\Program Files\oxyg_m.bmp
    2001-07-01 18:46 5,172 ----a-w C:\Program Files\stadiu_m.bmp
    2001-07-01 18:42 308,276 ----a-w C:\Program Files\new2_640.bmp
    2001-07-01 18:03 66,612 ----a-w C:\Program Files\voice_2.bmp
    2001-07-01 18:02 66,612 ----a-w C:\Program Files\voice_1.bmp
    2001-07-01 18:01 66,612 ----a-w C:\Program Files\voice_4.bmp
    2001-07-01 18:01 66,612 ----a-w C:\Program Files\voice_3.bmp
    2001-07-01 17:40 66,612 ----a-w C:\Program Files\ad-re_1.bmp
    2001-07-01 17:38 66,612 ----a-w C:\Program Files\ad-ut_1.bmp
    2001-07-01 17:37 66,612 ----a-w C:\Program Files\ad-ut_3.bmp
    2001-07-01 17:35 66,612 ----a-w C:\Program Files\ad-op_3.bmp
    2001-07-01 17:35 66,612 ----a-w C:\Program Files\ad-op_1.bmp
    2001-07-01 17:30 66,608 ----a-w C:\Program Files\ad-in_3.bmp
    2001-07-01 17:28 66,608 ----a-w C:\Program Files\ad-in_1.bmp
    2001-07-01 17:12 66,612 ----a-w C:\Program Files\special_4.bmp
    2001-07-01 17:12 66,612 ----a-w C:\Program Files\special_3.bmp
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-07_13.50.37.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-05-18 13:32:40 598,016 ----a-w C:\WINDOWS\system32\CDDBControlRoxio.dll
    + 2004-03-08 15:02:58 761,856 ----a-w C:\WINDOWS\system32\CDDBUIRoxio.dll
    + 2005-09-07 13:38:50 81,920 ----a-w C:\WINDOWS\system32\cdral.dll
    + 2005-09-07 13:38:48 77,824 ----a-w C:\WINDOWS\system32\cdrtc.dll
    - 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    - 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2005-09-07 13:29:44 44,288 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    + 2005-09-07 13:32:58 24,960 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-01-02 1836 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-11-14 19:04:38 60,400 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-07 18:57:07 60,284 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-14 19:04:38 398,412 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-07 18:57:07 398,104 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-12-02 20:05 1266936]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 15:30 68856]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 18:30 1491216]
    "Chronograph"="C:\Program Files\Chronograph\chrono.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 01:05 122939]
    "NWEReboot"="" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 20:36 180269]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 03:00 99840]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-12 13:55 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2005-10-11 12:54 339968]
    "SMART Mirror Driver Monitor Service"="C:\Documents and Settings\Paula\Application Data\" [2008-01-10 11:56 0]
    "bind second blue platform"="C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe" [ ]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 02:10 579072]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36 323216]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56 15360]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-17 12:13 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
    C:\Program Files\BroadJump\Client Foundation\CFD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-23 18:19 57344 --------- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
    2006-07-31 20:00 19857408 --a------ C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    2006-07-21 15:19 129536 --a------ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
    C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

    R3 smrtdrv;SMART Technologies Inc. Mirror Driver;C:\WINDOWS\system32\DRIVERS\smrtdrv.sys [2007-06-01 12:45]
    S2 mwEvtMgr;Microsoft Windows Event Manager;C:\WINDOWS\system32\mwEvtMgr.exe [2005-10-13 19:37]
    S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe [2007-06-01 12:45]
    S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
    S3 kbeepm;kbeepm;C:\DOCUME~1\Paula\LOCALS~1\Temp\kbeepm.sys []
    S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-07-20 06:20]
    S3 PAC7311;VGA SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 12:34]
    S3 STV673;STV0673 Camera;C:\WINDOWS\system32\drivers\STV673.sys [2000-09-15 10:12]
    S3 ulusba;NEC 616 Command Port Driver;C:\WINDOWS\system32\DRIVERS\ulusba.sys [2003-06-22 16:00]
    S3 ulusbc;NEC 616 CONTROL Driver;C:\WINDOWS\system32\DRIVERS\ulusbc.sys [2003-06-22 16:00]
    S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINDOWS\system32\DRIVERS\ulusbe.sys [2003-06-22 16:00]
    S3 ulusbm;NEC 616 Modem Driver;C:\WINDOWS\system32\DRIVERS\ulusbm.sys [2003-06-22 16:00]
    S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINDOWS\system32\DRIVERS\ulusbo.sys [2003-07-23 16:00]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-10 11:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-12 09:27:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-12 10:48:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo! Pager = C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet??E

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-12 10:49:17
    ComboFix-quarantined-files.txt 2008-01-12 10:48:55
    ComboFix2.txt 2008-01-07 13:50:53
    ComboFix3.txt 2007-12-17 12:39:15
    ComboFix4.txt 2007-08-22 15:58:32
    .
    2008-01-11 13:10:53 --- E O F ---


    eSafe 7.0.15.0 2008.01.10 -
    eTrust-Vet 31.3.5451 2008.01.11 -
    Ewido 4.0 2008.01.11 -
    FileAdvisor 1 2008.01.12 -
    Fortinet 3.14.0.0 2008.01.12 -
    F-Prot 4.4.2.54 2008.01.11 -
    F-Secure 6.70.13030.0 2008.01.11 -
    Ikarus T3.1.1.20 2008.01.12 -
    Kaspersky 7.0.0.125 2008.01.12 -
    McAfee 5205 2008.01.11 -
    Microsoft 1.3109 2008.01.12 -
    NOD32v2 2785 2008.01.11 -
    Norman 5.80.02 2008.01.11 -
    Panda 9.0.0.4 2008.01.11 -
    Prevx1 V2 2008.01.12 -
    Rising 20.26.52.00 2008.01.12 -
    Sophos 4.24.0 2008.01.12 -
    Sunbelt 2.2.907.0 2008.01.12 -
    Symantec 10 2008.01.12 -
    TheHacker 6.2.9.186 2008.01.11 -
    VBA32 3.12.2.5 2008.01.12 -
    VirusBuster 4.3.26:9 2008.01.11 -
    Webwasher-Gateway 6.6.2 2008.01.12 -
    Additional information
    File size: 16384 bytes
    MD5: 461fa4d5caab761511bf44f1123fde8b
    SHA1: c04272d7a146da4b70a652b8c3e3674575cc9a86
    PEiD: -



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:37, on 12/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Napster\napster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
    O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAC9C9B-1457-4EEF-AC03-9CCE9B4459E8}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 12140 bytes

  6. #6
    Neal is offline Dedicated Member
    Safe mode if needed, delete this folder in bold:

    C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter




    Run HijackThis, click on the "scan system only" button and put checks next to these:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab



    Please close ALL browser windows (including this one).

    With everything closed out but HijackThis, click on "fix checked".


    Reboot your PC


    How is your PC behaving now?
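The entries singled out in the post above (orphaned "(no file)" hooks, IE pages reset to blank, a Run entry with no program behind it, and an autostart living under Application Data) are the shapes a log reviewer looks for by hand. As an added example that is not code from the thread or from HijackThis, here is a Python triage pass over HJT-format lines that flags those same shapes; the rules, reason strings and the sample lines are my own construction and the output is a review aid, not a fix list.

```python
"""Triage pass over HijackThis-format log lines.

Added example for this thread, not HijackThis's own code and not the forum
helper's method. The rules below are my assumptions about which entry shapes
deserve a closer look; they are chosen so that they surface the kinds of lines
the helper asked to have fixed. A flagged line still needs a human decision
before anything is removed.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the HJT format quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
"""

# Reason strings, kept as constants so callers can group findings by them.
ORPHANED = "orphaned entry: the referenced file is absent"
ALTERED_IE_PAGE = "IE start/local page changed to a blank page"
NO_PROGRAM_FILE = "Run entry names no program file (truncated value or bare folder)"
USER_WRITABLE_AUTOSTART = "Run entry launches from a user-writable data folder"
DOWNLOADED_ACTIVEX = "downloaded ActiveX control (DPF); remove if not recognised"

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry Run entries: "HKLM\..\Run: [name] target"; Global Startup .lnk
# lines deliberately do not match and are skipped.
RUN_RE = re.compile(r"^HK[^:]*\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# First program file named in a Run target, quoted or not, before any arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|cpl|dll))"?(?:\s|$)', re.I)
# Folders an autostart should not normally be launched from (assumption).
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def program_file(target):
    """Return the executable named at the start of a Run target, or None."""
    m = EXE_RE.match(target)
    return m.group("exe") if m else None


def triage(log_text):
    """Return one Finding per HJT line that matches a rule; other lines are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, ORPHANED, line))
        elif section == "R0" and body.endswith(("= about:blank", "= \\blank.htm")):
            findings.append(Finding(section, ALTERED_IE_PAGE, line))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run is None:
                continue
            exe = program_file(run.group("target"))
            if exe is None:
                findings.append(Finding(section, NO_PROGRAM_FILE, line))
            elif any(d in exe.lower() for d in USER_WRITABLE_DIRS):
                findings.append(Finding(section, USER_WRITABLE_AUTOSTART, line))
        elif section == "O16":
            findings.append(Finding(section, DOWNLOADED_ACTIVEX, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against a full log it lists every entry worth a second look, in log order, so the reviewer can compare it with the set of lines the helper chose to fix.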

  7. #7
    Franksie is offline Full Member
    Hi,
    CiD seems to have gone, but now it won't run the DVD drives; tried updating drivers, reinstalling etc., it just doesn't recognise them!

  8. #8
    Neal is offline Dedicated Member
    It wasn't anything we have done so far; there might be more malware hiding somewhere, so... let's dig a bit deeper...



    Download SDFIX and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum.





    Do an online scan (scan only tool) with Kaspersky WebScanner
    [Internet Explorer required]


    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the results of the scan back here please and a new hijackthis log.

  9. #9
    Franksie is offline Full Member
    SDFix: Version 1.129

    Run by Administrator on Mon 01/21/2008 at 11:47 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\CAVEDOG\SDFix\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\-72442~1 - Deleted
    C:\WINDOWS\system32\CatRoot\TMP601.tmp - Deleted
    C:\WINDOWS\system32\CatRoot\TMP643.tmp - Deleted





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-21 11:53:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0003c9a48c7b]
    "0015b95c6d71"=hex:03,84,51,04,cd,bc,dc,c6,44,34,16,7c,bf,87,e1,90
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:bbc7dcf2
    "s2"=dword:ef538083
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:3b,26,f8,23,fb,47,59,70,a6,99,be,ec,d7,4d,ca,96,e3,00,f7,3e,5a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0003c9a48c7b]
    "0015b95c6d71"=hex:03,84,51,04,cd,bc,dc,c6,44,34,16,7c,bf,87,e1,90
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:3b,26,f8,23,fb,47,59,70,a6,99,be,ec,d7,4d,ca,96,e3,00,f7,3e,5a,..

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 85


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\CAVEDOG\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sun 13 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 12 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Sat 22 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT9.tmp"
    Mon 19 Mar 2007 122,880 A..H. --- "C:\Deckard\System Scanner\20070426152029\backup\DOCUME~1\Paula\LOCALS~1\Temp\~1D7.tmp"
    Tue 23 Jan 2007 122,880 A..H. --- "C:\Deckard\System Scanner\20070426152029\backup\DOCUME~1\Paula\LOCALS~1\Temp\~7E.tmp"

    Finished!

    KASPERSKY ONLINE SCANNER REPORT
    Monday, January 21, 2008 4:35:56 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/01/2008
    Kaspersky Anti-Virus database records: 525770
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 148832
    Number of viruses found: 14
    Number of infected objects: 55
    Number of suspicious objects: 0
    Duration of the scan process: 02:34:27

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11152006-231759.log Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Paula\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.PowerSpy.400 skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe/Stream/data0009 Infected: not-a-virus:Monitor.Win32.PCSpy.c skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe/Stream/data0010 Infected: not-a-virus:Monitor.Win32.PowerSpy.a skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe/Stream/data0011 Infected: not-a-virus:Monitor.Win32.PowerSpy.a skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe/Stream Infected: not-a-virus:Monitor.Win32.PowerSpy.a skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe Infected: not-a-virus:Monitor.Win32.PowerSpy.a skipped
    C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar RAR: infected - 6 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/FamilyKeyLogger-setup.exe/data0008 Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.283 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/FamilyKeyLogger-setup.exe/data0010 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/FamilyKeyLogger-setup.exe/data0011 Infected: not-a-virus:Monitor.Win32.GoldenKeylogger.130 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/FamilyKeyLogger-setup.exe Infected: not-a-virus:Monitor.Win32.GoldenKeylogger.130 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/HomeKeyLogger-setup.exe/data0006 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.162 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/HomeKeyLogger-setup.exe/data0007 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip/HomeKeyLogger-setup.exe Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED/keylogger.zip Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx/[From "Paul Franks" <paul.franks@ntlworld.com>][Date Sun, 5 Jun 2005 11:58:06 +0100]/UNNAMED Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 9 skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6DB5B635-C940-450F-9E53-9EEAD24A7DAB} Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\History\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Temp\~DF181A.tmp Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Temp\~DF1825.tmp Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Paula\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Paula\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Paula\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Valve\Steam\Steam.log Object is locked skipped
    C:\Program Files\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
    C:\sUBs\ComboFix.exe/10 Infected: Trojan.WinREG.Qoologic skipped
    C:\sUBs\ComboFix.exe/4 Infected: Trojan.BAT.Agent.ak skipped
    C:\sUBs\ComboFix.exe/9 Infected: Trojan.BAT.Agent.al skipped
    C:\sUBs\ComboFix.exe QuickBatch: infected - 3 skipped
    C:\sUBs\ComboFix.exe UPX: infected - 3 skipped
    C:\sUBs\ComboFix.exe PE_Patch.UPX: infected - 3 skipped
    C:\sUBs\TSF\Look2Me.bat Infected: Trojan.BAT.Agent.ak skipped
    C:\sUBs\TSF\Purity.bat Infected: Trojan.BAT.Agent.al skipped
    C:\sUBs\TSF\Qoo.bat Infected: Trojan.WinREG.Qoologic skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0045975.exe Infected: Trojan.Win32.Inject.ss skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe/10 Infected: Trojan.WinREG.Qoologic skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe/4 Infected: Trojan.BAT.Agent.ak skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe/9 Infected: Trojan.BAT.Agent.al skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe QuickBatch: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe UPX: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047961.exe PE_Patch.UPX: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047969.bat Infected: Trojan.BAT.Agent.ak skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047974.bat Infected: Trojan.BAT.Agent.al skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0047975.bat Infected: Trojan.WinREG.Qoologic skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP117\A0052006.exe Infected: Trojan.Win32.Obfuscated.mw skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe/10 Infected: Trojan.WinREG.Qoologic skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe/4 Infected: Trojan.BAT.Agent.ak skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe/9 Infected: Trojan.BAT.Agent.al skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe QuickBatch: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe UPX: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP118\A0052070.exe PE_Patch.UPX: infected - 3 skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP134\change.log Object is locked skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP65\A0029453.exe Infected: Trojan-Dropper.Win32.VB.wi skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040144.bat Infected: Trojan.BAT.Agent.al skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040155.bat Infected: Trojan.BAT.Agent.ak skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040156.bat Infected: Trojan.WinREG.Qoologic skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040166.bat Infected: Trojan.BAT.Agent.ak skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040171.bat Infected: Trojan.BAT.Agent.al skipped
    C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP97\A0040172.bat Infected: Trojan.WinREG.Qoologic skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\mi2.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\WINDOWS\system32\mi2.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\WINDOWS\system32\mi2.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\WINDOWS\system32\mi2.exe WiseSFX: infected - 3 skipped
    C:\WINDOWS\system32\mi2.exe WiseSFXDropper: infected - 3 skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:37:24, on 21/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Napster\napster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\valve\steam\steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\DivX\DivX Player\DivX Player.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
    O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xolaurenmcaulayox.spaces.live...d/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames...o.cab42341.cab
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab55579.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbde...ivePreQual.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAC9C9B-1457-4EEF-AC03-9CCE9B4459E8}: NameServer = 192.168.0.1
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Documents and Settings\Paula\Application Data\SMART Technologies Inc\Bridgit\monitorservice.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 12053 bytes

  10. #10
    Neal is offline Dedicated Member
    Did you install these keyloggers below?

    Power Spy 2006
    FamilyKeyLogger


    Infected emails need to be deleted



    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done




    The below in bold needs to be deleted: use the search function to find it.


    C:\WINDOWS\system32\mi2.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped


    Fix the below in HijackThis and delete the folder from Safe Mode.

    O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe


    SDFix did find backdoor trojans. Do you do any online banking, credit card transactions, etc.? If so, you should notify those institutions to keep an eye on your accounts, and I wouldn't do it any more from this computer, as we cannot be sure we got all of the trojans killed!!

    You should change your passwords from a known clean computer.


    How is your PC doing now?
    Last edited by Neal; 21-01-2008 at 10:23 PM.
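
An added example, not part of either post above and not a tool the helpers in this thread used: a small Python script that does by machine the sorting Neal did by eye on the two logs. It splits the Kaspersky report into restore-point copies, removal-tool components (ComboFix and SDFix carry registry and batch fix scripts that trip trojan signatures), mail-store hits, riskware ("not-a-virus:" monitoring tools and adware) and everything else, and flags HijackThis O4 entries that run from a user-writable profile directory or whose value name is a run of lowercase words. The sample lines are copied from the logs posted above; the engine names in the summary-line pattern, the directory list and the random-word heuristic are assumptions that fit this report and would need widening for other logs.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied/abridged from the Kaspersky Online Scanner
# report above, in the three shapes that report uses (locked, member, summary).
KASPERSKY_SAMPLE = r"""
C:\Documents and Settings\Paula\ntuser.dat Object is locked skipped
C:\Documents and Settings\Paula\Desktop\Shared Folder\New Downloads\Power.Spy.2006.v4.0.0.56.Keylogger.rar/Power Spy 2006 4.0.0.56/Setup.exe Infected: not-a-virus:Monitor.Win32.PowerSpy.a skipped
C:\Documents and Settings\Paula\Local Settings\Application Data\Identities\{3BDBB464-8261-49C3-8AC2-1616A94EFE13}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 9 skipped
C:\sUBs\ComboFix.exe/10 Infected: Trojan.WinREG.Qoologic skipped
C:\sUBs\TSF\Qoo.bat Infected: Trojan.WinREG.Qoologic skipped
C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP115\A0045975.exe Infected: Trojan.Win32.Inject.ss skipped
C:\System Volume Information\_restore{D25AE3E7-7DC3-4832-8B8A-F4BDC2EF8A37}\RP65\A0029453.exe Infected: Trojan-Dropper.Win32.VB.wi skipped
C:\WINDOWS\system32\mi2.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\WINDOWS\system32\mi2.exe WiseSFX: infected - 3 skipped
"""

# Constructed sample: O4 (Run key) lines copied from the HijackThis log above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Documents and Settings\Paula\Application Data\
O4 - HKLM\..\Run: [bind second blue platform] C:\Documents and Settings\All Users\Application Data\plus burn bind second\PileOwns.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
"""

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
# Archive/mail summary lines; the engine names are an assumption (those seen in this report).
SUMMARY_RE = re.compile(r"^(?P<path>.+) (?:Mail MS Outlook 5|RAR|QuickBatch|UPX|PE_Patch\.UPX"
                        r"|WiseSFX|WiseSFXDropper): infected - \d+ skipped$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(\S.*?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|$)', re.IGNORECASE)
RANDOM_WORDS_RE = re.compile(r"[a-z]+(?: [a-z]+){2,}")      # e.g. "bind second blue platform"
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")   # assumed heuristic list
BUCKETS = ("restore_point", "removal_tool", "mail_store", "riskware", "malware")


def outer_file(path):
    """Kaspersky separates nested objects with '/'; keep only the file on disk."""
    return path.split("/", 1)[0]


def parse_kaspersky(report):
    """Map each file on disk to the detection names reported inside it. 'Object is
    locked' lines are counted separately: files Windows holds open, not detections."""
    findings, locked = defaultdict(set), 0
    for line in (l.strip() for l in report.splitlines() if l.strip()):
        if LOCKED_RE.match(line):
            locked += 1
        elif (m := INFECTED_RE.match(line)):
            findings[outer_file(m["path"])].add(m["name"])
        elif (m := SUMMARY_RE.match(line)):
            findings.setdefault(outer_file(m["path"]), set())   # family comes from member lines
    return dict(findings), locked


def classify(outer, names):
    """Location first (it decides the remediation), then detection family."""
    low = outer.lower()
    if low.startswith("c:\\system volume information\\_restore"):
        return "restore_point"   # inert copies; gone once System Restore is flushed
    if low.startswith("c:\\subs\\") or "\\sdfix\\" in low:
        return "removal_tool"    # ComboFix/SDFix fix scripts trip registry/BAT signatures
    if low.endswith(".dbx"):
        return "mail_store"      # delete the message, then compact the folder
    if names and all(n.startswith("not-a-virus:") for n in names):
        return "riskware"        # monitoring tools / adware: installed on purpose?
    return "malware"


def triage_kaspersky(report):
    findings, locked = parse_kaspersky(report)
    buckets = {b: [] for b in BUCKETS}
    for outer, names in findings.items():
        buckets[classify(outer, names)].append(outer)
    return {b: sorted(v) for b, v in buckets.items()}, locked


def exe_from_command(cmd):
    """First quoted token, else the leading token up to a program extension."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def triage_run_entries(hjt_log):
    """Flag HijackThis O4 (Run key) entries worth a second look."""
    flagged = []
    for line in hjt_log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe, reasons = exe_from_command(m["cmd"]), []
        if exe is None:
            reasons.append("no parseable executable in command (truncated or malformed)")
        elif any(d in exe.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable profile directory")
        if RANDOM_WORDS_RE.fullmatch(m["name"]):
            reasons.append("value name is a string of lowercase dictionary words")
        if reasons:
            flagged.append({"hive": m["hive"], "name": m["name"], "exe": exe, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    buckets, locked = triage_kaspersky(KASPERSKY_SAMPLE)
    print(f"{locked} locked object(s) ignored")
    for bucket, files in buckets.items():
        for f in files:
            print(f"{bucket:14} {f}")
    for e in triage_run_entries(HJT_SAMPLE):
        print(f"{e['hive']} [{e['name']}] -> {e['exe']}: {'; '.join(e['reasons'])}")
```

Run as a script it prints one line per file with its bucket and one line per flagged Run entry. On the sample, the malware bucket comes out empty: the only detections outside restore points, removal tools and the mail store are riskware, which is exactly why the first question in the reply above is whether the keyloggers were installed deliberately. The two flagged O4 entries are the truncated SMART line (no executable could be parsed from it) and the PileOwns.exe entry, which both runs from All Users\Application Data and has a random-word value name.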
