I couldn't get Kaspersky to work; the ActiveX thing wouldn't install, but I used Panda ActiveScan again, as it's the one I usually use, and it didn't find anything.
Here's the ComboFix log:
"Katrina" - 07-01-20 19:46:13 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Katrina\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))
2007-01-20 18:31 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-20 14:36 <DIR> d-------- C:\Program Files\Common Files\eztools
2007-01-20 14:26 292 --a------ C:\WINDOWS\regfix.reg
2007-01-19 21:24 <DIR> d-------- C:\Program Files\DVD Identifier
2007-01-19 21:18 <DIR> d-------- C:\Program Files\RoughDraft
2007-01-19 21:17 <DIR> d-------- C:\Program Files\SnookerAndPool
2007-01-19 21:17 <DIR> d-------- C:\Program Files\KoolMoves Lite
2007-01-19 16:57 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-19 16:55 <DIR> d-------- C:\Program Files\dansgames.net
2007-01-19 16:53 <DIR> d-------- C:\Program Files\Steganos Security Suite 7
2007-01-19 16:21 <DIR> d-------- C:\Program Files\Car Thief
2007-01-19 16:20 <DIR> d-------- C:\Program Files\Autoplay Repair
2007-01-19 16:20 <DIR> d-------- C:\Program Files\Astral
2007-01-19 13:02 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-01-19 13:01 <DIR> d-------- C:\Program Files\Self Evident Enterprises
2007-01-19 12:46 <DIR> d-------- C:\Program Files\NIGHTSTUD V1.0d
2007-01-19 03:53 513,152 --a------ C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2007-01-17 16:16 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-01-17 00:15 <DIR> d-------- C:\Program Files\MP3Gain
2007-01-17 00:09 667,344 --a------ C:\mp3gain-win-1_2_5.exe
2007-01-16 23:22 <DIR> d-------- C:\Program Files\JustBanners
2007-01-16 23:22 <DIR> d-------- C:\Program Files\Idea Tracker
2007-01-16 23:19 <DIR> d-------- C:\Interstellar Law
2007-01-16 23:19 <DIR> d-------- C:\Beat The Broker
2007-01-16 17:08 81,920 --a------ C:\WINDOWS\system32\GkSui20.EXE
2007-01-14 07:15 <DIR> d-------- C:\Program Files\Lame
2007-01-14 07:14 <DIR> d-------- C:\Program Files\GoldWave
2007-01-14 06:15 407,312 --a------ C:\WINDOWS\system32\Msrepl35.dll
2007-01-14 06:15 252,176 --a------ C:\WINDOWS\system32\Msrd2x35.dll
2007-01-12 01:55 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\BookOffice
2007-01-12 01:50 255 ---h----- C:\WINDOWS\system32\mscmx1032.DLL
2007-01-11 17:59 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-01-11 14:55 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2007-01-11 14:55 32,768 --a------ C:\WINDOWS\system32\MCIFR.DLL
2007-01-11 14:55 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-01-11 14:55 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-01-11 14:55 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-01-11 14:55 <DIR> d-------- C:\Program Files\ActorStudio
2007-01-10 23:09 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 17:15 <DIR> d-------- C:\Program Files\DemocracyDemo
2007-01-10 17:11 <DIR> d-------- C:\Program Files\Crooked Money
2007-01-10 17:09 <DIR> d-------- C:\Program Files\Car Thief 6 Demo
2007-01-10 16:53 <DIR> d-------- C:\WINDOWS\Secure Image Pro
2007-01-10 16:50 <DIR> d-------- C:\Program Files\NameSpire
2007-01-10 16:49 <DIR> d-------- C:\Program Files\Ebook Creator
2007-01-10 16:40 <DIR> d-------- C:\Program Files\Dvana
2007-01-10 16:39 <DIR> d-------- C:\whtbwin
2007-01-10 14:03 <DIR> d-------- C:\Ringwood.php_files
2007-01-10 14:03 <DIR> d-------- C:\Nunawading.php_files
2007-01-10 14:03 <DIR> d-------- C:\Knox.php_files
2007-01-10 14:02 <DIR> d-------- C:\Camberwell.php_files
2007-01-10 14:01 <DIR> d-------- C:\statestore.php_files
2007-01-08 19:54 1,473,260 --a------ C:\simpler.exe
2007-01-08 05:07 <DIR> d-------- C:\Program Files\Microsoft Script Debugger
2007-01-07 02:21 <DIR> d-------- C:\YaBB.pl_files
2007-01-06 22:46 286,208 --a------ C:\WINDOWS\system32\Cncs232.dll
2007-01-06 19:01 <DIR> d-------- C:\Program Files\MiniMind
2007-01-06 18:54 <DIR> d-------- C:\Program Files\Easy Uninstaller
2007-01-06 18:52 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-01-06 18:52 <DIR> d--h----- C:\DOCUME~1\Katrina\InstallAnywhere
2007-01-06 18:50 <DIR> d-------- C:\Program Files\Advanced WindowsCare V2
2007-01-06 18:49 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-01-06 18:44 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-01-06 18:41 <DIR> d-------- C:\Program Files\Registry Mechanic
2007-01-06 18:40 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-01-06 18:40 <DIR> d-------- C:\WINDOWS\Omniquad Total Security
2007-01-06 18:39 <DIR> d-------- C:\Program Files\XviD
2007-01-06 18:39 <DIR> d-------- C:\Program Files\3ivx
2007-01-06 18:37 <DIR> d-------- C:\Program Files\AddRemove
2007-01-06 18:37 <DIR> d-------- C:\Program Files\Add Remove Plus! 2003
2007-01-06 18:35 <DIR> d-------- C:\Program Files\Your Company Name
2007-01-06 15:56 493,356 --a------ C:\seo-tutorial.exe
2007-01-03 17:25 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-01-03 17:25 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-01-03 17:24 <DIR> d-------- C:\Program Files\DVD Shrink
2007-01-03 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-01-03 17:23 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-01-03 17:22 <DIR> d-------- C:\Program Files\FreeRIP2
2007-01-03 17:09 <DIR> d-------- C:\Program Files\ICQLite
2007-01-03 17:09 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\ICQLite
2007-01-03 17:06 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\iolo
2007-01-03 16:54 <DIR> d-------- C:\Program Files\CCleaner
2007-01-03 16:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-01-03 16:53 <DIR> d-------- C:\Program Files\FireTune
2007-01-03 16:53 <DIR> d-------- C:\Program Files\Currency Converter
2007-01-03 16:47 73,728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2007-01-03 16:42 <DIR> d-------- C:\Rhymesaurus 1.4
2007-01-03 14:40 <DIR> d-------- C:\Incomplete
2007-01-02 07:14 <DIR> d-------- C:\Finished
2007-01-01 17:14 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\IMBT
2006-12-28 19:46 886,784 --a------ C:\WINDOWS\ebook_library.dll
2006-12-28 19:46 <DIR> d-------- C:\Program Files\SPCK Software
2006-12-28 19:45 <DIR> d-------- C:\Program Files\CPoint
2006-12-27 16:01 255 ---h----- C:\WINDOWS\system32\607937410pr1.dll
2006-12-26 14:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-26 14:26 <DIR> d-------- C:\eecdff3d1a0b2b24774e54140910b2
2006-12-26 12:46 <DIR> d-------- C:\DOCUME~1\Katrina\amaya
2006-12-26 08:08 <DIR> d-------- C:\DOCUME~1\Katrina\Shared
2006-12-26 06:16 <DIR> d-------- C:\Websiteconverter
2006-12-26 04:43 13,526 --a------ C:\WINDOWS\system32\msctst32.dll
2006-12-26 04:26 104 ---hs---- C:\WINDOWS\WSYS049.SYS
2006-12-25 05:37 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\TrojanHunter
2006-12-24 22:57 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-24 22:57 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-24 22:57 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2006-12-24 22:57 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2006-12-24 22:57 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-24 22:57 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-24 22:57 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-24 22:57 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-24 22:57 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-24 22:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2006-12-24 22:49 <DIR> d-------- C:\RegRip
2006-12-24 22:48 <DIR> d-------- C:\Karen's Version Browser
2006-12-24 22:47 <DIR> d-------- C:\Karen's Computer Profiler
2006-12-24 22:42 <DIR> d-------- C:\Karen's Power Tools
2006-12-24 22:40 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-24 22:40 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-24 22:32 44,547 --a------ C:\WINDOWS\srinst.exe
2006-12-24 22:32 <DIR> d-------- C:\Program Files\SRHTML98
2006-12-24 22:31 <DIR> d-------- C:\smgenoff
2006-12-24 22:29 258,048 --a------ C:\WINDOWS\system32\ExtFrm.dll
2006-12-24 21:43 355,840 --a------ C:\WINDOWS\winctl32.dll
2006-12-24 21:43 201,216 --a------ C:\WINDOWS\pvplus32.dll
2006-12-24 21:43 <DIR> d-------- C:\Program Files\WebGenie Software
2006-12-24 21:38 49,152 --a------ C:\WINDOWS\system32\MSCDRUN.DLL
2006-12-24 21:37 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2006-12-24 20:10 <DIR> d-------- C:\Program Files\vv
2006-12-24 20:09 <DIR> d-------- C:\Program Files\UFU
2006-12-24 19:44 13 ---h----- C:\DOCUME~1\ALLUSE~1\Application Data\ÃÇŽ>ã3113>.sys
2006-12-24 19:43 13 ---h----- C:\DOCUME~1\ALLUSE~1\Application Data\13.sys
2006-12-24 19:43 <DIR> d-------- C:\CoffeeCup Software
2006-12-24 19:29 18,944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2006-12-24 19:29 <DIR> d-------- C:\Program Files\CoffeeCup Software
2006-12-24 19:22 <DIR> d-------- C:\Hockey
2006-12-24 19:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2006-12-24 19:13 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2006-12-24 19:13 <DIR> d-------- C:\HtmlRemover
2006-12-24 19:12 <DIR> d-------- C:\DiskCheck
2006-12-24 00:32 <DIR> d--h----- C:\SGLAB3F1F65FC513581
2006-12-24 00:32 <DIR> d--h----- C:\BU243C6382AB3F1F65FC513581
2006-12-22 19:39 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\Movie Outline
2006-12-21 18:31 109,568 --a------ C:\WINDOWS\system32\JGFR400.DLL
2006-12-21 18:30 <DIR> d-------- C:\ebookBuilder
2006-12-21 18:26 <DIR> d-------- C:\Program Files\eBookGuard
2006-12-21 18:23 <DIR> d-------- C:\Program Files\DBFrontend
2006-12-21 18:22 <DIR> d-------- C:\Program Files\Practical Scriptwriter
2006-12-21 18:21 <DIR> d-------- C:\WINDOWS\ShellNew
2006-12-21 18:21 <DIR> d-------- C:\Program Files\NoteStudio
2006-12-21 18:20 297,984 --a------ C:\WINDOWS\system32\midas.dll
2006-12-21 18:20 <DIR> d-------- C:\Program Files\MovieWriterPro
2006-12-21 18:18 <DIR> d-------- C:\Program Files\Easy Ebook Creator
2006-12-21 18:13 <DIR> d-------- C:\eBooks Compiler Demo
2006-12-21 18:12 40,960 --a------ C:\WINDOWS\dbrmdwb.exe
2006-12-21 18:12 245,904 --a------ C:\WINDOWS\system32\dbxDgrevCheck.dll
2006-12-21 18:11 937,984 --a------ C:\WINDOWS\npdbplug.dll
2006-12-21 18:11 752,640 --a------ C:\WINDOWS\dbplugin.exe
2006-12-21 18:10 <DIR> d-------- C:\Program Files\D-Fend
2006-12-21 18:08 <DIR> d-------- C:\Kremlin
2006-12-21 18:07 <DIR> d-------- C:\Program Files\SunRav BookOffice 3
2006-12-21 18:07 <DIR> d-------- C:\DOCUME~1\Katrina\Application Data\BookEditor
2006-12-21 18:06 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
2006-12-21 18:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2006-12-21 18:01 <DIR> d-------- C:\vv
2006-12-20 00:39 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-20 00:39 <DIR> d-------- C:\Program Files\Alcohol 120
2006-12-20 00:31 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9021.sys
2006-12-20 00:31 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-20 19:50 -------- d-------- C:\Program Files\peerguardian2
2007-01-20 19:43 -------- d-------- C:\DOCUME~1\Katrina\Application Data\shareaza
2007-01-20 19:38 -------- d-------- C:\Program Files\mozilla firefox
2007-01-20 18:44 -------- d-------- C:\Program Files\zonealarm
2007-01-20 18:43 -------- d-------- C:\Program Files\windows defender
2007-01-20 18:42 -------- d-------- C:\Program Files\trend micro
2007-01-20 18:41 -------- d-------- C:\Program Files\spywareguard
2007-01-20 01:46 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 23:58 -------- d-------- C:\Program Files\ad-aware se professional
2007-01-19 11:26 -------- d-------- C:\Program Files\restore desktop
2007-01-16 23:50 -------- d-------- C:\Program Files\winamp
2007-01-16 23:43 -------- d-------- C:\Program Files\msn messenger
2007-01-16 23:18 286720 --------- C:\WINDOWS\setup1.exe
2007-01-16 16:46 -------- d-------- C:\Program Files\spywareblaster
2007-01-16 01:31 69824 --a------ C:\WINDOWS\system32\drivers\LxrJD31d.sys
2007-01-16 01:31 61440 --a------ C:\WINDOWS\system32\lxrjd20sat.dll
2007-01-16 01:31 53248 --a------ C:\WINDOWS\system32\lxrjd31s.exe
2007-01-16 01:31 249856 --a------ C:\WINDOWS\system32\lxrjd31.dll
2007-01-16 01:31 167936 --a------ C:\WINDOWS\system32\lxrjd31c.exe
2007-01-16 01:31 146432 --a------ C:\WINDOWS\system32\lxrjd31p.exe
2007-01-06 11:52 -------- d-------- C:\DOCUME~1\Katrina\Application Data\azureus
2007-01-04 15:31 118 --a------ C:\WINDOWS\system32\binder functions.dll
2007-01-03 17:23 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-29 04:44 -------- d---s---- C:\DOCUME~1\Katrina\Application Data\microsoft
2006-12-26 13:22 -------- d-------- C:\Program Files\symantec
2006-12-26 08:11 4605 --a------ C:\DOCUME~1\Katrina\Application Data\cabos.plist
2006-12-24 22:43 73216 --------- C:\WINDOWS\st6unst.exe
2006-12-22 19:39 -------- d-------- C:\Program Files\movie outline 2.0
2006-12-22 15:02 -------- d-------- C:\Program Files\nvu
2006-12-21 18:32 -------- d-------- C:\Program Files\yadu digital
2006-12-20 07:00 45568 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2006-12-19 19:19 -------- d-------- C:\DOCUME~1\Katrina\Application Data\ahead
2006-12-17 07:05 -------- d-------- C:\DOCUME~1\Katrina\Application Data\frostwire
2006-12-15 12:13 -------- d-------- C:\Program Files\knowbase
2006-12-14 23:26 -------- d-------- C:\Program Files\treepadviewer
2006-12-14 22:42 -------- d-------- C:\Program Files\treepadlite
2006-12-14 22:18 -------- d-------- C:\Program Files\pagefour
2006-12-13 22:52 -------- d-------- C:\Program Files\ywriter2
2006-12-12 08:36 -------- d-------- C:\Program Files\videoinspector
2006-12-09 14:56 -------- d-------- C:\Program Files\natata ebook compiler free
2006-12-05 02:54 -------- d-------- C:\Program Files\dosbox-0.65
2006-12-04 18:49 -------- d-------- C:\DOCUME~1\Katrina\Application Data\nvu
2006-12-01 22:28 -------- d-------- C:\DOCUME~1\Katrina\Application Data\lavasoft
2006-12-01 22:27 -------- d-------- C:\Program Files\lavasoft
2006-11-30 13:19 -------- d-------- C:\Program Files\selteco
2006-11-27 19:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-26 18:29 -------- d-------- C:\DOCUME~1\Katrina\Application Data\help
2006-11-26 17:57 -------- d-------- C:\Program Files\gimp-2.0
2006-11-26 17:55 -------- d-------- C:\Program Files\Common Files\gtk
2006-11-26 16:00 -------- d-------- C:\Program Files\kc softwares
2006-11-26 02:35 -------- d-------- C:\DOCUME~1\Katrina\Application Data\xara
2006-11-26 02:33 -------- d-------- C:\Program Files\xara
2006-11-26 01:46 -------- d-------- C:\Program Files\softcat
2006-11-08 16:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 2029 --a------ C:\WINDOWS\system32\mscxdlv1.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 22:31 532480 --a------ C:\cwshredder.exe
2006-10-31 19:45 62 --ahs---- C:\DOCUME~1\Katrina\Application Data\desktop.ini
2006-10-31 09:03 83672 --a------ C:\WINDOWS\system32\s32evnt1.dll
2006-10-31 08:56 0 -rahs---- C:\MSDOS.SYS
2006-10-31 08:56 0 -rahs---- C:\IO.SYS
2006-10-31 08:56 0 --a------ C:\CONFIG.SYS
2006-10-31 08:56 0 --a------ C:\AUTOEXEC.BAT
2006-10-27 23:59 47104 --a------ C:\ATF-Cleaner.exe
2006-10-27 23:44 28672 --a------ C:\windows-xp-prefetch-clean-and-control.exe
2006-10-27 08:26 69632 --a------ C:\WINDOWS\system32\vuins32.dll
2006-10-20 00:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\ZoneAlarm\\zlclient.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Regsister WScript"="wscript -regserver"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS7"="\"C:\\Program Files\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"SSS7"="\"C:\\Program Files\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
"backup"="C:\\WINDOWS\\pss\\Trend Micro Anti-Spyware.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TRENDM~1\\Tmas.exe -autostart"
"item"="Trend Micro Anti-Spyware"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Katrina^Start Menu^Programs^Startup^MiniMinder.lnk]
"backup"="C:\\WINDOWS\\pss\\MiniMinder.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MiniMind\\MiniMind.exe "
"item"="MiniMinder"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreDesktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RestoreDesktop"
"hkey"="HKCU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunasDtServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasDtServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunasServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sunbelt Software\\CounterSpy Client\\sunasServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="THGuard"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=dword:00000002
"SDhelper"=dword:00000002
"WinDefend"=dword:00000002
"SLEE_81_SERVICE"=dword:00000002
"LxrJD31s"=dword:00000002
"GB-PVR Recording Service"=dword:00000002
"AVG Anti-Spyware Guard"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69b35a06-714d-11db-a92a-000d616cef74}]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e46db5f-68b9-11db-9442-806d6172696f}]
Shell\AutoRun\command D:\JDSecure\Windows\JDSecure31.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 07-01-20 19:54:04
C:\ComboFix2.txt ... 07-01-20 19:38
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 8:00:16 PM, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SLEE81.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\HijackThis\HijackThis.exe
C:\Program Files\SpywareGuard\sgbhp.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2247132000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file:///E:/SuperCD/IntraLaunch.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Program Files\Common Files\eztools\eztoolslib2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GB-PVR Recording Service - Unknown owner - c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe