I seem to be infected with Smitfraud-C.CoreService.

I started out using adaware 2007 free to remove this which it could not do. then tried Spybot S&D twice once in safemode but is not detected in safemode, but it is still there when I go back to normal.

Here is my KASPERSKY online scanner log and Hijackthis log to follow.

-------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 8:39:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512527
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
K:\
Scan Statistics
Total number of scanned objects 231678
Number of viruses found 21
Number of infected objects 56
Number of suspicious objects 0
Duration of the scan process 01:48:09

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\hsperfdata_LOCAL SERVICE\316 Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\51\4278fa73-4fea0fe6/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\51\4278fa73-4fea0fe6 ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-13333dea/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-13333dea/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-13333dea/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\6.0\52\37011574-13333dea ZIP: infected - 3 skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0dc2-7c7f1563.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0dc2-7c7f1563.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Matthew\Desktop\SmitfraudFix\SmitfraudFix\SmiUpdate.exe Object is locked skipped
C:\Documents and Settings\Matthew\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Matthew\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew\Desktop\web - graphics\www.johnstondandy.com\apdhtml-dm\!deluxe-tuner\deluxetuner.exe Infected: Trojan-Spy.Win32.Banker.flq skipped
C:\Documents and Settings\Matthew\Desktop\web - graphics\www.johnstondandy.com\apdhtml-dm.zip/!deluxe-tuner/deluxetuner.exe Infected: Trojan-Spy.Win32.Banker.flq skipped
C:\Documents and Settings\Matthew\Desktop\web - graphics\www.johnstondandy.com\apdhtml-dm.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew\Desktop\web - graphics\www.johnstondandy.com\menu editor\!deluxe-tuner\deluxetuner.exe Infected: Trojan-Spy.Win32.Banker.flq skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matthew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-01-15.18-12-02.log Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\config\configuration\org.eclipse.osgi\.manager\.tmp56023.instance Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\config\configuration\org.eclipse.update\.lock Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\.vc-core-lock Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\ibdata1 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\ib_logfile0 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\ib_logfile1 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhassetcacheitem.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhassetversioncacheitem.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhlink.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhmessage.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhpublishlog.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhpublishserver.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhpublishstateitem.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhresult.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhreview.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhreviewtouser.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhrole.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhschemaversion.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhsequence.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhserverglobals.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhsettings.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhsettingssection.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhthumbnail.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhuser.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhuserrole.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhxmpmetadata.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\database\data\versioncue\bhxmpproperty.ibd Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\temp\ib2 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\temp\ib3 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\temp\ib4 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\temp\ib5 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\data\temp\ib6 Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\logs\VersionCue.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\services.exe.vir Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050737.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050738.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050739.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050746.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050747.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050748.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050750.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050751.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050752.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050753.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050754.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050755.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050756.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050757.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050758.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050759.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050760.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050761.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050762.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050764.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050765.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050767.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050769.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050770.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050771.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050772.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050773.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050774.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050775.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050776.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050777.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050779.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0050781.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0051166.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0051182.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP240\A0051182.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP313\A0070862.dll Infected: not-a-virus:AdWare.Win32.Shopper.q skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP339\A0073532.exe Object is locked skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP340\A0073550.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.25.i skipped
C:\System Volume Information\_restore{24B27BB0-A4B9-4121-857A-F4DB40845266}\RP340\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S2E745656.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\crusoee.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7501.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:44 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA598] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2981] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7910] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181019844092
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaaax - fccaaax.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Free Online Games.com\FOG Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 10633 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

The Waiting Room <<< you must have missed this?http://forums.spybot.info/forumdisplay.php?f=37

If your issue is not resolved, put System Configuration Utility (MSconfig) in Normal Mode so I can see everything, post a new HJT log and describe your symptoms. Post any error messages word for word. If you no longer need help, a quick post will let me know and I can close your topic.

Thanks

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.