Ok then, so here is the Combofix log:
ComboFix 08-07-22.4 - Bobby 2008-07-23 17:19:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.627 [GMT 1:00]
Running from: C:\Documents and Settings\Bobby\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bobby\Application Data\macromedia\Flash Player\#SharedObjects\YL5ND5MV\www.broadcaster.com
C:\Documents and Settings\Bobby\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Bobby\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bobby\Application Data\rhcavdj0e1f5
C:\Documents and Settings\Bobby\Desktop\Error Cleaner.url
C:\Documents and Settings\Bobby\Desktop\Privacy Protector.url
C:\Documents and Settings\Bobby\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Bobby\Favorites\Error Cleaner.url
C:\Documents and Settings\Bobby\Favorites\Privacy Protector.url
C:\Documents and Settings\Bobby\Favorites\Spyware&Malware Protection.url
C:\Program Files\rhcavdj0e1f5
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\system32\blphcevdj0e1f5.scr
C:\WINDOWS\system32\cbXRHbcc.dll
C:\WINDOWS\system32\crxqpeiy.dll
C:\WINDOWS\system32\dgfglehu.dll
C:\WINDOWS\system32\iywyavis.ini
C:\WINDOWS\system32\nnnkJAtU.dll
C:\WINDOWS\system32\ohxbmhhv.dll
C:\WINDOWS\system32\phcevdj0e1f5.bmp
C:\WINDOWS\system32\pphcevdj0e1f5.exe
C:\WINDOWS\system32\ssqQhhFy.dll
C:\WINDOWS\system32\tikete.dll
C:\WINDOWS\system32\tqfeug.dll
C:\WINDOWS\system32\txnayb.dll
C:\WINDOWS\system32\yFhhQqss.ini
C:\WINDOWS\system32\yFhhQqss.ini2
.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.
2008-07-23 17:03 . 2008-07-23 17:03 94,848 --a------ C:\WINDOWS\system32\sivaywyi.dll
2008-07-22 23:09 . 2008-07-23 17:01 43,761 --ahs---- C:\WINDOWS\system32\bsshvejj.ini
2008-07-21 19:25 . 2008-07-21 19:25 0 --a------ C:\WINDOWS\system32\6A.tmp
2008-07-21 18:41 . 2008-07-21 19:20 94,208 --a------ C:\WINDOWS\system32\69.tmp
2008-07-21 17:59 . 2008-07-21 17:59 0 --a------ C:\WINDOWS\system32\79.tmp
2008-07-21 17:58 . 2008-07-21 17:58 0 --a------ C:\WINDOWS\system32\78.tmp
2008-07-21 17:56 . 2008-07-21 17:56 0 --a------ C:\WINDOWS\system32\77.tmp
2008-07-21 17:54 . 2008-07-21 17:54 0 --a------ C:\WINDOWS\system32\76.tmp
2008-07-21 17:27 . 2008-07-21 17:27 0 --a------ C:\WINDOWS\system32\75.tmp
2008-07-21 14:45 . 2008-07-22 23:07 43,993 --ahs---- C:\WINDOWS\system32\umywwhfk.ini
2008-07-21 14:44 . 2008-07-21 14:44 43,521 --ahs---- C:\WINDOWS\system32\fswurncu.ini
2008-07-21 14:14 . 2008-07-18 05:56 163,840 --a------ C:\WINDOWS\edel.exe
2008-07-21 14:14 . 2008-07-18 05:56 102,400 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-15 18:45 . 2008-07-15 18:45 <DIR> d-------- C:\Documents and Settings\Bobby\Application Data\Windows Live Writer
2008-07-15 09:08 . 2008-07-15 09:08 <DIR> d-------- C:\WINDOWS\system32\FlashAX2
2008-07-15 08:58 . 2008-07-15 08:58 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-07-15 08:58 . 2008-07-15 08:58 <DIR> d-------- C:\MicroGaming
2008-07-15 08:58 . 2008-07-15 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
2008-07-15 08:58 . 2008-07-15 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-07-13 12:52 . 2008-07-13 12:52 <DIR> d-------- C:\Program Files\iTunes
2008-07-13 12:52 . 2008-07-13 12:52 <DIR> d-------- C:\Program Files\iPod
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\Program Files\Bonjour
2008-07-13 12:50 . 2008-07-13 12:51 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-21 10:25 --------- d-----w C:\Documents and Settings\Bobby\Application Data\uTorrent
2008-07-17 21:32 --------- d-----w C:\Program Files\Cyanide
2008-07-13 11:41 --------- d-----w C:\Program Files\Safari
2008-07-12 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-12 07:45 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-12 07:44 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-12 07:44 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-19 08:59 --------- d-----w C:\Program Files\AVG
2008-06-19 08:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 19:34 --------- d-----w C:\Program Files\Nokia Map Loader
2008-06-17 19:34 --------- d-----w C:\Program Files\Nokia
2008-06-17 19:33 --------- d-----w C:\Program Files\MSBuild
2008-06-17 19:29 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 13:27 --------- d-----w C:\Program Files\Freecom Personal Media Suite
2008-06-10 13:27 --------- d-----w C:\Program Files\Freecom Backup Software
2008-06-10 09:44 --------- d-----w C:\Program Files\Boost XP
2008-06-08 14:45 --------- d-----w C:\Program Files\IrfanView
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-01-31 13:58 87,608 ----a-w C:\Documents and Settings\Bobby\Application Data\ezpinst.exe
2007-01-31 13:58 47,360 ----a-w C:\Documents and Settings\Bobby\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{68C70CAA-478A-4E77-ADF7-A4566A68B4AE}"= "C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll" [2008-02-06 18:48 1204224]
[HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
[HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{68C70CAA-478A-4E77-ADF7-A4566A68B4AE}"= "C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll" [2008-02-06 18:48 1204224]
[HKEY_CLASSES_ROOT\clsid\{68c70caa-478a-4e77-adf7-a4566a68b4ae}]
[HKEY_CLASSES_ROOT\FCTB00107.FCTB00107.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00107.FCTB00107]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 10:52 185632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 04:10 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 04:10 81920]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-12 08:45 1232152]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"88f05b49"="C:\WINDOWS\system32\sivaywyi.dll" [2008-07-23 17:03 94848]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-07-23 04:10 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-06 12:46:55 113664]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-10-15 13:46:16 503869]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-27 17:14:42 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= rddv1046.dll
"midi1"= rddv1046.dll
"msacm.dvacm"= dvacm.acm
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"C:\\Program Files\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\SkillGround\\Games\\UTG\\Main.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58993:TCP"= 58993:TCP:Pando P2P TCP Listening Port
"58993:UDP"= 58993:UDP:Pando P2P UDP Listening Port
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-12 08:44]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-12 08:44]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-12 08:44]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-12 08:45]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 12:11]
R3 Bonifay;Bonifay;C:\WINDOWS\system32\DRIVERS\Bonifay.sys [2005-11-28 21:55]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 MBLAUDRV;Mobiola Audio Service;C:\WINDOWS\system32\drivers\BTCamAudioDrv.sys [2007-07-31 15:27]
R3 RDID1046;EDIROL UA-25;C:\WINDOWS\system32\Drivers\rdwm1046.sys [2004-04-02 02:07]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 18:45]
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys []
S3 Gonzales;Gonzales;C:\WINDOWS\system32\DRIVERS\Gonzales.sys [2005-12-13 15:10]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 18:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-23 09:47:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -
BHO-{7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\rqRIbcyA.dll
BHO-{BD19D8FE-624C-4259-8342-C2922F51EC2E} - C:\WINDOWS\kgxmotaptbp.dll
Toolbar-{F4A52746-813B-4276-A8D7-E2ABD0C8C8A8} - C:\WINDOWS\qndsfmao.dll
HKCU-Run-Boost XP Service - C:\Program Files\Boost XP\bxservice.exe
HKLM-Run-SMrhcavdj0e1f5 - C:\Program Files\rhcavdj0e1f5\rhcavdj0e1f5.exe
ShellExecuteHooks-{7EBB7DA6-2369-450D-980F-9A2311A99ACF} - C:\WINDOWS\system32\rqRIbcyA.dll
SSODL-evgratsm-{8AA8B6D5-BA7F-4440-952E-6CAA834C1FBE} - C:\WINDOWS\evgratsm.dll
SSODL-kvxqmtre-{E1E9CBEB-C6F8-4736-9B4F-69B6DE83DDCE} - C:\WINDOWS\kvxqmtre.dll
Notify-rqRIbcyA - rqRIbcyA.dll
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;*.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1830/SkillGround.cab
C:\WINDOWS\Downloaded Program Files\SkillGround.inf
O16 -: {4F912770-A045-4603-951E-9B8377084354} - hxxp://a19.g.akamai.net/7/19/7125/1450/uk.coupons.com/pmgr/r3302/cpbrukie2.cab
C:\WINDOWS\Downloaded Program Files\cpbrukie2.inf
C:\WINDOWS\cpbrukie2.ocx
O16 -: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
C:\WINDOWS\Downloaded Program Files\ConnectorLauncher.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-23 17:27:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-23 17:43:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 16:42:14
Pre-Run: 41,309,167,616 bytes free
Post-Run: 41,207,681,024 bytes free
263 --- E O F --- 2008-07-14 11:27:08
Here is the hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://softwarerefer...=...6Ojg5&lid=2R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://uk.msn.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.blueyonder.co.uk/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [88f05b49] rundll32.exe "C:\WINDOWS\system32\sivaywyi.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) -
http://www1.skillgro...SkillGround.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) -
http://musicmix.mess.../Medialogic.CABO16 - DPF: {4F912770-A045-4603-951E-9B8377084354} (cpbrukie2 Control) -
http://a19.g.akamai....2/cpbrukie2.cabO16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) -
http://webeffective....torLauncher.cabO16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) -
http://www.slide.com...ageUploader.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://signin9.valu...018/flashax.cabO16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) -
https://bellerock.mi...ay/FlashAX2.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Bobby/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Bobby/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 11453 bytes
Thanks very much for your help, hope we're nearly there now