HJT Help



OnTheRocks
2008-01-26, 01:29
Hi there - recently purchased a secondhand laptop and just got round to getting it online. However, beforehand I ran HJT and it has come up with all sorts of stuff. Deleted the O1's but they come straight back. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:22 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O1 - Hosts: 202.214.197.173 msk1.drweb.com
O1 - Hosts: 143.10.69.181 msk2.drweb.com
O1 - Hosts: 244.133.217.254 msk3.drweb.com
O1 - Hosts: 16.21.190.242 msk4.drweb.com
O1 - Hosts: 0.217.18.178 boss.drweb.comdrweb.com
O1 - Hosts: 230.77.29.129 norman.com
O1 - Hosts: 152.26.128.40 esaugumas.lt
O1 - Hosts: 195.223.35.152 antivirus.esaugumas.lt
O1 - Hosts: 59.177.66.207 esecurity.lt
O1 - Hosts: 116.154.175.66 bkav.com.vn
O1 - Hosts: 252.92.16.51 aonealarm.com
O1 - Hosts: 250.136.201.136 barracudanetworks.com
O1 - Hosts: 161.248.150.115 free-av.com
O1 - Hosts: 169.153.85.126 avast.com
O1 - Hosts: 205.172.196.235 pandasecurity.com
O1 - Hosts: 79.71.7.45 nod32-es.com
O1 - Hosts: 115.210.38.108 nod32.com
O1 - Hosts: 3.139.141.5 eset.com
O1 - Hosts: 202.2.139.8 nod32.it
O1 - Hosts: 25.158.211.184 nod32.de
O1 - Hosts: 69.23.254.14 nod32.nl
O1 - Hosts: 39.250.6.54 nod32.datsec.de
O1 - Hosts: 154.40.204.17 u0.eset.com
O1 - Hosts: 152.4.150.35 u1.eset.com
O1 - Hosts: 1.86.148.177 u2.eset.com
O1 - Hosts: 109.156.182.154 u3.eset.com
O1 - Hosts: 190.143.132.224 u4.eset.com
O1 - Hosts: 180.73.15.174 u5.eset.com
O1 - Hosts: 188.173.40.154 u6.eset.com
O1 - Hosts: 9.4.209.39 u7.eset.com
O1 - Hosts: 230.228.241.142 u8.eset.com
O1 - Hosts: 75.86.76.190 u9.eset.com
O1 - Hosts: 174.55.177.161 u10.eset.com
O1 - Hosts: 27.223.117.161 u11.eset.com
O1 - Hosts: 135.1.33.107 u12.eset.com
O1 - Hosts: 98.210.104.242 u13.eset.com
O1 - Hosts: 107.110.92.183 u14.eset.com
O1 - Hosts: 200.119.225.73 u15.eset.com
O1 - Hosts: 86.255.97.7 u16.eset.com
O1 - Hosts: 62.168.193.45 u17.eset.com
O1 - Hosts: 201.9.148.15 u18.eset.com
O1 - Hosts: 117.84.143.159 u19.eset.com
O1 - Hosts: 72.54.61.53 u20.eset.com
O1 - Hosts: 100.255.244.144 u21.eset.com
O1 - Hosts: 220.3.8.24 u22.eset.com
O1 - Hosts: 198.64.62.101 u23.eset.com
O1 - Hosts: 145.65.132.5 u24.eset.com
O1 - Hosts: 153.66.223.122 u25.eset.com
O1 - Hosts: 249.148.164.131 u26.eset.com
O1 - Hosts: 160.67.235.157 u27.eset.com
O1 - Hosts: 168.247.65.200 u28.eset.com
O1 - Hosts: 227.24.157.142 u29.eset.com
O1 - Hosts: 182.53.150.66 u30.eset.com
O1 - Hosts: 42.167.210.134 u31.eset.com
O1 - Hosts: 64.113.194.15 u32.eset.com
O1 - Hosts: 133.107.140.173 u33.eset.com
O1 - Hosts: 231.160.73.133 u34.eset.com
O1 - Hosts: 199.244.113.161 u35.eset.com
O1 - Hosts: 79.10.147.172 u36.eset.com
O1 - Hosts: 6.100.74.246 u37.eset.com
O1 - Hosts: 161.204.108.191 u38.eset.com
O1 - Hosts: 29.243.132.177 u39.eset.com
O1 - Hosts: 42.108.178.204 u41.eset.com
O1 - Hosts: 58.244.235.158 u42.eset.com
O1 - Hosts: 16.174.9.182 u43.eset.com
O1 - Hosts: 230.55.157.103 u44.eset.com
O1 - Hosts: 246.44.227.208 u45.eset.com
O1 - Hosts: 71.144.244.21 u46.eset.com
O1 - Hosts: 198.110.60.240 u47.eset.com
O1 - Hosts: 152.191.47.105 u48.eset.com
O1 - Hosts: 175.141.56.225 u49.eset.com
O1 - Hosts: 155.89.242.85 u50.eset.com
O1 - Hosts: 163.187.155.225 u51.eset.com
O1 - Hosts: 21.72.198.131 u52.eset.com
O1 - Hosts: 218.184.79.34 u53.eset.com
O1 - Hosts: 77.73.148.207 u54.eset.com
O1 - Hosts: 78.94.226.74 u55.eset.com
O1 - Hosts: 145.108.46.200 u56.eset.com
O1 - Hosts: 60.22.6.243 u57.eset.com
O1 - Hosts: 178.151.199.51 u58.eset.com
O1 - Hosts: 169.97.15.44 u59.eset.com
O1 - Hosts: 131.3.117.136 u60.eset.com
O1 - Hosts: 219.80.120.246 u61.eset.com
O1 - Hosts: 94.190.182.114 u62.eset.com
O1 - Hosts: 220.12.95.200 u63.eset.com
O1 - Hosts: 158.40.232.83 u64.eset.com
O1 - Hosts: 251.79.4.11 u65.eset.com
O1 - Hosts: 38.118.208.191 u66.eset.com
O1 - Hosts: 74.233.77.158 u67.eset.com
O1 - Hosts: 217.50.20.252 u68.eset.com
O1 - Hosts: 33.60.69.83 u69.eset.com
O1 - Hosts: 32.184.193.136 u70.eset.com
O1 - Hosts: 153.192.153.112 u71.eset.com
O1 - Hosts: 103.186.198.147 u72.eset.com
O1 - Hosts: 18.128.26.48 u73.eset.com
O1 - Hosts: 160.190.118.129 u74.eset.com
O1 - Hosts: 173.155.62.63 u75.eset.com
O1 - Hosts: 190.155.10.105 u76.eset.com
O1 - Hosts: 211.195.158.66 u77.eset.com
O1 - Hosts: 59.255.29.153 u78.eset.com
O1 - Hosts: 172.194.121.76 u79.eset.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Options] rdatasys.
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.google.co.uk/logos/olympics06_ski_jump.gif

--
End of file - 9315 bytes

katana
2008-01-30, 14:57
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.

Restore Hosts File

Download HostsXpert v4.1 (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.
Double click on HostsXpert.exe to launch the program.
Click on Restore MS Hosts File to restore your Hosts file to its default condition.
Click on Make ReadOnly to secure it against further infection (unless you plan to use another hosts file).
Exit the program.

Visit the Website (http://www.funkytoad.com/content/view/13/31/) for more information.


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.



Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go here: http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post the ComboFix log along with the Kaspersky log in your reply.
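One way to triage an HJT O1 section mechanically, checking for the two patterns visible in the log above: security-vendor names pointed anywhere at all (the hosts file has no legitimate reason to carry them), and addresses that fall in blocks which can never host a server. This is an added example, not a tool from the thread or from HijackThis; the sample lines and the vendor list are constructed here, and the vendor list is a subset of the names in the posted log.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample input, shaped like the O1 lines in the posted HijackThis log
# (not copied from it): one benign loopback entry, four hijacked security-vendor
# names, one ordinary intranet entry and one non-O1 line that must be ignored.
SAMPLE_HJT_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 202.214.197.173 msk1.drweb.com
O1 - Hosts: 0.217.18.178 boss.drweb.comdrweb.com
O1 - Hosts: 169.153.85.126 avast.com
O1 - Hosts: 230.228.241.142 u8.eset.com
O1 - Hosts: 10.0.0.5 intranet.example
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
"""

# Security-vendor domains to watch; these are the ones named in the posted log.
# Extend the tuple for whatever products you actually run.
VENDOR_DOMAINS = (
    "drweb.com", "norman.com", "esaugumas.lt", "esecurity.lt", "bkav.com.vn",
    "aonealarm.com", "barracudanetworks.com", "free-av.com", "avast.com",
    "pandasecurity.com", "nod32.com", "nod32-es.com", "nod32.it", "nod32.de",
    "nod32.nl", "eset.com",
)

# Address blocks that can never be a real update server; an entry pointing
# there exists only to make name resolution go nowhere.
BOGUS_BLOCKS = (
    ip_network("0.0.0.0/8"),        # "this" network
    ip_network("224.0.0.0/4"),      # multicast
    ip_network("240.0.0.0/4"),      # reserved (includes 255.x.x.x)
)

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1_entries(log_text):
    """Yield (ip, hostname) for every O1 line; other HJT sections are skipped."""
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if m:
            yield m.group(1), m.group(2).lower()


def classify_entry(ip_str, host):
    """Return a list of reasons this hosts entry looks hostile (empty = benign)."""
    reasons = []
    try:
        ip = ip_address(ip_str)
    except ValueError:
        return ["unparseable address"]
    if host == "localhost" and ip.is_loopback:
        return reasons                  # the one entry a default XP hosts file has
    # Substring match on purpose: hijacks sometimes mangle names (e.g. a
    # "comdrweb.com" tail), and a strict suffix match would let those through.
    if any(v in host for v in VENDOR_DOMAINS):
        reasons.append("security vendor name pinned in hosts file")
    if any(ip in block for block in BOGUS_BLOCKS):
        reasons.append("address is in a block that cannot host a server")
    return reasons


def triage_hjt_log(log_text):
    """Return {hostname: [reasons]} for every O1 entry that raised a flag."""
    findings = {}
    for ip_str, host in parse_o1_entries(log_text):
        reasons = classify_entry(ip_str, host)
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, why in triage_hjt_log(SAMPLE_HJT_LOG).items():
        print(f"{host}: {'; '.join(why)}")
```

Any flagged entry is a reason to restore the default hosts file, as the instructions above do, rather than to delete lines one at a time, since the thread shows the entries being re-added by whatever wrote them.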

OnTheRocks
2008-02-03, 21:45

Think I've done this right

ComboFix 08-02.01.6 - Owner 2008-02-02 14:55:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.269 [GMT 11:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\tysfvozh.dat
C:\WINDOWS\system32\tysfvozh_nav.dat
C:\WINDOWS\system32\tysfvozh_navps.dat

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-01-26 05:26 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-25 06:48 . 2008-01-25 06:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 06:29 . 2008-01-25 06:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-01-16 09:24 . 2008-01-16 09:24 <DIR> d-------- C:\Program Files\IObit
2008-01-04 10:52 . 2008-01-04 10:59 <DIR> d-------- C:\3eb923e6f0324330714b6c29f56a68

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 22:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-29 13:49 --------- d-----w C:\Program Files\DivX
2008-01-25 19:37 --------- d-----w C:\Program Files\Optus Internet Security Suite
2008-01-25 19:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-25 18:41 --------- d-----w C:\Program Files\BitTorrent
2008-01-23 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-04 00:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-01-02 02:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\VideoEgg
2007-12-20 19:02 --------- d-----w C:\Program Files\RegistryFix
2007-12-20 01:35 --------- d-----w C:\Program Files\JL2005A
2007-12-19 20:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Kristanix Software
2007-12-19 01:17 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-17 12:26 --------- d-----w C:\Program Files\Lavasoft
2007-12-17 12:26 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2007-12-17 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-17 12:23 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-12-17 12:22 --------- d-----w C:\Program Files\LimeWire
2007-12-03 14:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-05 12:31 77824]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 18:42 569344 C:\WINDOWS\sm56hlpr.exe]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 23:00 44032]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-18 07:48 439872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 21:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:50 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-15 11:08 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Options"= rdatasys.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"SMSERIAL"=sm56hlpr.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 12:42]
R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys [2003-11-27 20:48]
R3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys [2004-12-16 13:20]
S3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-17 13:33]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Optus Internet Security Suite\Anti-Virus\minifilter\fsgk.sys []
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2005-05-09 20:22]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 22:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 22:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 22:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 22:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 22:12]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSrec.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 15:00:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
.
**************************************************************************
.
Completion time: 2008-02-02 15:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 04:03:55
.
2008-02-01 14:51:52 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:56 PM, on 2/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Options] rdatasys.
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.google.co.uk/logos/olympics06_ski_jump.gif

katana
2008-02-03, 22:04
Do you have the Kaspersky log ?