Malware playing music...



Rahton
2008-04-14, 04:37
I tried to remove some nasties, and woke one up.

Below is the log I got from Hijack.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:34 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Nevera Restov\Desktop\HiJackThis.exe

O3 - Toolbar: sgoblxtm - {10BDE5C9-141F-4536-86D4-56883348BBA1} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [Microsoft SpA Service] winbu.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Nevera Restov\cftmon.exe
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] winbu.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3257] command /c del "C:\WINDOWS\system32\geBqOeBU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2937] cmd /c del "C:\WINDOWS\system32\geBqOeBU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2551] command /c del "C:\WINDOWS\b103.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5715] cmd /c del "C:\WINDOWS\b103.exe_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8297] command /c del "C:\WINDOWS\b116.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6791] cmd /c del "C:\WINDOWS\b116.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5764] command /c del "C:\WINDOWS\b152.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4890] cmd /c del "C:\WINDOWS\b152.exe"
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Nevera Restov\cftmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZG1oUNS1J6] C:\Documents and Settings\All Users\Application Data\ctexgter\ctunwhgv.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E6B26C-C4E4-4D5E-AD2B-E535156BE39D}: NameServer = 85.255.114.50,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{17EBBB43-EF74-4685-9D4E-1792441FF57D}: NameServer = 85.255.114.50,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{506B92FB-A770-49DE-B465-8EA15A95D517}: NameServer = 85.255.114.50,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1F6B13E-1B3B-4C23-AD89-9CE8B6A362A3}: NameServer = 85.255.114.50,85.255.112.221
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.221
O17 - HKLM\System\CS1\Services\Tcpip\..\{17E6B26C-C4E4-4D5E-AD2B-E535156BE39D}: NameServer = 85.255.114.50,85.255.112.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.221
O21 - SSODL: RunOnceRom - {c9494caf-12ae-4e12-8cd5-0708a92e9d68} - C:\WINDOWS\Resources\RunOnceRom.dll
O21 - SSODL: zip - {ea42da37-1908-4c73-86e8-68fde6312772} - C:\WINDOWS\Installer\{ea42da37-1908-4c73-86e8-68fde6312772}\zip.dll
O21 - SSODL: ogxtsepr - {91296627-27AF-47D6-9FBE-39636152E9C4} - C:\WINDOWS\ogxtsepr.dll
O21 - SSODL: dsktbwfe - {E9FC1EF2-B7FA-4DDF-88B0-F9BA8A3051BF} - C:\WINDOWS\dsktbwfe.dll
O21 - SSODL: SrvSetup - {2a632bb5-45e3-4755-b89d-00775b5549b0} - C:\WINDOWS\Resources\SrvSetup.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner (csiscanner) - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

--
End of file - 7311 bytes
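A triage pass over a few entries from the log above, added here as an illustration and not part of the original thread or of HijackThis itself. It parses the O4, O17 and O23 line shapes shown in the log and flags autostarts running from temp, driver or profile directories, names that imitate genuine Windows binaries, and DNS overrides; the legitimate-name list and the directory heuristics are assumptions chosen for this example.

```python
import re
from difflib import SequenceMatcher
# Entry shapes seen in the HijackThis log above; non-greedy groups stop at the first separator.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
LEGIT_NAMES = ("spoolsv.exe", "ctfmon.exe", "winlogon.exe")  # genuine Windows binaries (assumed list)
ODD_DIRS = ("\\temp\\", "\\drivers\\", "\\documents and settings\\")  # not where autostarts belong

SAMPLE_LINES = [  # copied from the log posted above, not constructed
    r"O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlogan.exe",
    r"O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe",
    r"O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Nevera Restov\cftmon.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.50 85.255.112.221",
    r"O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

def exe_name(cmd: str) -> str:
    """File name of the first .exe in a command line (HijackThis leaves spaced paths unquoted)."""
    low = cmd.lower().lstrip('"')
    prog = low[:cut + 4] if (cut := low.find(".exe")) >= 0 else low.split(" ", 1)[0]
    return prog.rsplit("\\", 1)[-1]

def lookalike(name: str) -> str:
    """Reason string if `name` closely imitates a genuine binary name, else ''."""
    for legit in LEGIT_NAMES:
        if name != legit and SequenceMatcher(None, name, legit).ratio() >= 0.8:
            return f"{name} imitates {legit}"
    return ""

def odd_location(path: str) -> bool:
    return any(d in path.lower() for d in ODD_DIRS)  # temp, driver or user-profile directory

def find_suspicious(lines: list) -> list:
    """Return (entry, reason) pairs for log lines that deserve a closer look."""
    hits = []
    for line in lines:
        if m := O4_RE.match(line):
            if odd_location(m["cmd"]):
                hits.append((m["name"], "autostart runs from temp/driver/profile directory"))
            if why := lookalike(exe_name(m["cmd"])):
                hits.append((m["name"], why))
        elif m := O17_RE.match(line):
            servers = re.split(r"[,\s]+", m["servers"].strip())
            hits.append((m["key"], "DNS overridden to " + ", ".join(servers)))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner" and odd_location(m["path"]):
                hits.append((m["name"], "unattributed service binary in " + m["path"]))
    return hits
```

Run `find_suspicious(SAMPLE_LINES)` to see the three lookalike autostarts, the DNS override and the unattributed service flagged while the Apple service passes.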

Blade81
2008-04-14, 16:54
Hi

Your system is badly infected. Among all the other pests one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Blade81
2008-04-21, 16:42
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.