More Biff
2006-08-29, 10:01
Hi guys,
I'd appreciate your advice with this problem. I've started to notice erratic behaviour on my PC over the last week - Mozilla Thunderbird locks up when sending mail, other apps don't run at all. Both Spybot and AVG (Free version) get stuck at certain points while scanning my disks, and I can't access the System32 folder either. :(
I have attached online virus scan and HJT logs below. Hope they are formatted OK...
============================================
Here is the result from Panda:
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@112.2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ad.yieldmanager[1].txt
Spyware:Cookie/BannerBank Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ad10.bannerbank[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ads.addynamix[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as1.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@c5.zedo[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[6].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[7].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cs.sexcounter[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@dist.belnk[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@fortunecity[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@hotlog[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@maxserving[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@paycounter[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@spylog[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@statcounter[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@xiti[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@xxxcounter[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@yadro[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@zedo[2].txt
Virus:Trj/Ruins.MB Disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc11\xxx[1].jpg
Virus:Trj/Ruins.MB Disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc2.exe
Adware:Adware/SBSoft Not disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc3.dll
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\csnqu.exe
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmuoh.exe
Adware:Adware/QuickWeb Not disinfected C:\WINDOWS\system32\{EEF25E47-BC4A-4F84-B50B-970A3B4B853E}.exe
===================================================
And here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:38 p.m., on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Dynalink\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{4926A78F-93C7-4620-AB97-752428F8DE0A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{6128C2BC-BEB6-4994-AA19-2B48CBC32B0D}: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{95AF4DC6-75F8-4A82-88C8-F309BFFD1C4B}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD4C4FC8-534A-4320-BFEA-7D88366E5E9C}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope that someone can make sense of all that - I don't really know where to start with it!
Many thanks,
Josh
I'd appreciate your advice with this problem. I've started to notice erratic behaviour on my PC over the last week - Mozilla Thunderbird locks up when sending mail, other apps don't run at all. Both Spybot and AVG (Free version) get stuck at certain points while scanning my disks, and I can't access the System32 folder either. :(
I have attached online virus scan and HJT logs below. Hope they are formatted OK...
============================================
Here is the result from Panda:
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@112.2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ad.yieldmanager[1].txt
Spyware:Cookie/BannerBank Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ad10.bannerbank[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@ads.addynamix[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@adtech[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@as1.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@c5.zedo[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[6].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cgi-bin[7].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@cs.sexcounter[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@dist.belnk[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@fortunecity[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@hotlog[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@maxserving[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@paycounter[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@serving-sys[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@spylog[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@statcounter[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@xiti[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@xxxcounter[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@yadro[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Taipan\Cookies\taipan@zedo[2].txt
Virus:Trj/Ruins.MB Disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc11\xxx[1].jpg
Virus:Trj/Ruins.MB Disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc2.exe
Adware:Adware/SBSoft Not disinfected C:\RECYCLER\S-1-5-21-1177238915-884357618-839522115-1004\Dc3.dll
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\csnqu.exe
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmuoh.exe
Adware:Adware/QuickWeb Not disinfected C:\WINDOWS\system32\{EEF25E47-BC4A-4F84-B50B-970A3B4B853E}.exe
===================================================
And here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:38 p.m., on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Dynalink\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Dynalink\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{4926A78F-93C7-4620-AB97-752428F8DE0A}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{6128C2BC-BEB6-4994-AA19-2B48CBC32B0D}: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{95AF4DC6-75F8-4A82-88C8-F309BFFD1C4B}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD4C4FC8-534A-4320-BFEA-7D88366E5E9C}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O17 - HKLM\System\CS2\Services\Tcpip\..\{132D1E56-D2C4-4965-B505-D7408DC6F26F}: NameServer = 85.255.113.130,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130 85.255.112.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope that someone can make sense of all that - I don't really know where to start with it!
Many thanks,
Josh