Hey Dan
Firstly, I tried Jotti and got this:
'The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file'
Now for the latest files:
ComboFix 08-04-22.5 - Colin Weston 2008-04-23 21:14:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.198 [GMT 1:00]
Running from: D:\Documents and Settings\Colin Weston.HOMECPU\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Colin Weston.HOMECPU\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\system32\mmf(2)(2).sys
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\uutmnmbw.dll
C:\WINDOWS\system32\winsrc.dll.tmp
D:\DOCUME~1\COLINW~1\LOCALS~1\Temp\gel90xne.sys
D:\Documents and Settings\All Users\Application Data\bsbaxyzy.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fixwareout
C:\fixwareout\dnsbak.reg
C:\fixwareout\FindT\clsid.bak
C:\fixwareout\FindT\dumphive.exe
C:\fixwareout\FindT\FixWareOut.reg
C:\fixwareout\FindT\missing.txt
C:\fixwareout\FindT\nircmd.exe
C:\fixwareout\FindT\patterns.txt
C:\fixwareout\FindT\rbot.bat
C:\fixwareout\FindT\RestartIt.exe
C:\fixwareout\FindT\runback.txt
C:\fixwareout\FindT\runs.vbs
C:\fixwareout\FindT\swreg.exe
C:\fixwareout\FindT\vfind.exe
C:\fixwareout\FindT\XP-2K2.cmd
C:\fixwareout\FixIt.BAT
C:\fixwareout\report.txt
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\system32\mmf(2)(2).sys
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\uutmnmbw.dll
C:\WINDOWS\system32\winsrc.dll.tmp
D:\Documents and Settings\All Users\Application Data\bsbaxyzy.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GEL90XNE
-------\Service_gel90xne
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 18:05 . 2008-04-22 18:05 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\OD2
2008-04-22 08:00 . 2008-04-22 08:00 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\DVDFab
2008-04-21 22:20 . 2008-04-21 22:20 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-21 22:09 . 2008-04-21 22:10 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-21 22:02 . 2008-04-21 22:02 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\RipIt4Me
2008-04-21 08:16 . 2008-04-21 08:16 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\SuperAdBlocker.com
2008-04-21 08:16 . 2008-04-21 08:17 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-04-21 08:15 . 2008-04-21 08:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 07:59 . 2008-04-21 08:28 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Vso
2008-04-20 21:09 . 2008-04-20 21:11 <DIR> d-------- C:\Program Files\Panda Security
2008-04-20 20:59 . 2008-04-20 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 10:42 . 2008-04-20 10:42 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\CyberLink
2008-04-19 19:55 . 2008-04-20 06:25 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Ulead Systems
2008-04-19 19:37 . 2008-04-19 19:37 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Template
2008-04-19 19:37 . 2008-04-23 18:57 878 --a------ D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\wklnhst.dat
2008-04-19 16:14 . 2008-04-20 20:31 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\AVG7
2008-04-19 15:59 . 2008-04-19 15:59 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Lavasoft
2008-04-19 15:56 . 2004-08-04 15:00 5,632 --a------ C:\WINDOWS\system32\winver.exe
2008-04-19 15:56 . 2004-08-04 15:00 5,632 --a------ C:\WINDOWS\system32\dllcache\winver.exe
2008-04-19 15:00 . 2008-04-19 15:00 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Sports Interactive
2008-04-19 14:31 . 2008-04-19 14:31 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\AdobeUM
2008-04-19 13:32 . 2008-04-19 13:32 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2008-04-19 13:31 . 2008-04-19 13:31 <DIR> d--hs---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000
2008-04-19 13:31 . 2008-04-19 13:31 <DIR> d--hs---- D:\Documents and Settings\LocalService.NT AUTHORITY.000
2008-04-19 13:31 . 2005-12-10 13:47 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\You've Got Pictures Screensaver
2008-04-19 13:31 . 2005-12-10 13:50 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\Symantec
2008-04-19 13:31 . 2005-12-10 14:01 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU\Application Data\AOL
2008-04-19 13:31 . 2008-04-23 08:02 <DIR> d-------- D:\Documents and Settings\Colin Weston.HOMECPU
2008-04-19 13:31 . 2008-04-23 21:18 1,024 --ah----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.dat.LOG
2008-04-19 13:31 . 2008-04-23 21:18 1,024 --ah----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\ntuser.dat.LOG
2008-04-19 13:31 . 2008-04-23 21:19 1,024 --ah----- D:\Documents and Settings\Colin Weston.HOMECPU\ntuser.dat.LOG
2008-04-19 11:51 . 2008-04-19 18:15 <DIR> d-------- C:\Program Files\IE Extensions
2008-04-02 22:28 . 2008-04-02 22:28 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-04-02 20:08 . 2008-04-02 20:08 <DIR> d-------- C:\Program Files\SlySoft
2008-04-02 20:08 . 2008-04-02 20:24 48 ---hs---- C:\WINDOWS\S36ECE84F.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 20:19 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-23 19:52 --------- d-----w C:\Program Files\Might and Magic VI
2008-04-23 16:53 --------- d-----w C:\Program Files\LimeWire
2008-04-20 18:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-02 21:09 --------- d-----w D:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-04-02 19:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-16 21:27 --------- d-----w C:\Program Files\Kontiki
2008-03-16 12:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-16 11:52 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-03-15 19:45 --------- d-----w C:\Program Files\Java
2008-02-27 16:10 --------- d-----w C:\Program Files\Alawar
2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-13 20:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
2005-07-14 11:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2005-02-28 12:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-23_18.16.01.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 17:11:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 20:18:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 20:18:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat
+ 2008-04-23 20:18:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 09:28 1564672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 17:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 20:09 219136]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-01-01 16:58:19 962661]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-12-10 13:33:56 331776]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.iv41"= ir41_32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.yv12"= yv12vfw.dll
"msacm.scg726"= scg726.acm
"msacm.alf2cd"= alf2cd.acm
"vidc.dvsd"= mcdvd_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17390:TCP"= 17390:TCP:BitComet 17390 TCP
"17390:UDP"= 17390:UDP:BitComet 17390 UDP
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-03-25 00:37]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 21:05]
S3 ZD1211U(Cable & Wireless);Cable & Wireless 802.11g Series Wireless LAN USB(Cable & Wireless);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-12-22 21:05]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;C:\WINDOWS\system32\ZDBRGSYS.SYS [2004-06-30 14:54]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 21:19:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-23 21:23:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 20:23:17
ComboFix2.txt 2008-04-23 17:16:24
Pre-Run: 12,997,148,672 bytes free
Post-Run: 12,979,126,272 bytes free
234 --- E O F --- 2008-04-20 22:21:35
---------------------------------------------------------------
Malwarebytes' Anti-Malware 1.11
Database version: 675
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 134638
Time elapsed: 46 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cj.cjmgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cj.cjmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bug doctor_is1 (Rogue.BugDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\Installer\{150adb85-cebe-4e1b-afe0-b66027d671b7} (Trojan.Alphabet) -> Quarantined and deleted successfully.
C:\Program Files\IE Extensions (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP540\A0093006.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP540\A0093007.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP541\A0093217.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP541\A0093218.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP540\A0092003.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP541\A0093189.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
------------------------------------------------------
Eset
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3050 (20080423)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=d24850385b4b034e8c6f1bac090357ae
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-04-23 10:12:27
# local_time=2008-04-23 11:12:27 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=355648
# found=1
# scan_time=3382
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Win32/TrojanDownloader.FakeAlert.AV trojan B666C7C5EC46C618ABA1172D2494B4BA
--------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:21, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: http://www.toucansurf.com
O15 - Trusted Zone: http://www.toucantele.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.musicwebtown.com/community/i ... oader4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C82457B5-257E-4261-A468-D520AA9E081C}: NameServer = 212.139.132.21 212.139.132.20
O20 - AppInit_DLLs: C:\PROGRA~1\DVDGHO~1\DVDGHO~1.DLL
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O21 - SSODL: RamAlrt - {150adb85-cebe-4e1b-afe0-b66027d671b7} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8714 bytes