Unusual Browser Behavior

While running Opera 9.6 on my Windows XP SP3 machine, I had some odd things happen which makes me suspect I may have a virus:

When attempting to go to two websites I frequent, one came up with a text message (I am alive), and another, a picture of an oriental person with fists clenched. They didn't stay though, so I'm thinking there's something unusual going on with my pc. I've run bitdefender deep scans twice and it doesn't detect anything. (There are some unscanned files, belonging to some games, like Savage 2, which were overcompressed.)

Any ideas as to how to proceed? Thanks for the help.

Here's my HijackThis! Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:06:04 AM, on 3/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\DWA-160\AirNCFG.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\RioMSC.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Paltalk Messenger\paltalk.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Winamp Remote\bin\Orb.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: dBpowerAMP.lnk.disabled

O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://groups.msn.com

O15 - Trusted Zone: http://www.prms.org

O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab

O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab

O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab

O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab

O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)

O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 15122 bytes

Use this to clean up junk left by other AV product: http://www.grisoft.cz/filedir/util/avg_arm.../avgremover.exe

After that...

Please do this:

Can you please download combofix you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post.

Not sure if you meant the HijackThis! Log or the combofix, but here's both... A few notes: I did run the avg cleanup as instructed, but Combofix indicated it was still running. Don't know how that is, since I ran the cleanup tool. Also, I couldn't find a way to shut off bitdefender, which is why that is on also. After the machine reboot (when combofix was done), I was being redirected to a different site that I go to when I typed in http://www.bitdefender.com. In the meantime, I deleted the ANIO service from my and rebooted, and fortunately can access this site again. Thanks for the help so far, it's greatly appreciated. What do I need to do next?

ComboFix 09-03-02.03 - Tom 2009-03-03 10:30:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.328 [GMT -5:00]

Running from: c:\documents and settings\Tom\My Documents\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

FW: BitDefender Firewall *enabled*

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\npf.sys

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wanpacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))

.

2009-03-03 04:13 . 2009-03-03 04:12 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\OpenOffice.org 3

2009-03-03 04:08 . 2009-03-03 04:08 <DIR> d-------- c:\program files\JRE

2009-03-03 04:08 . 2009-03-03 04:12 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-03 04:07 . 2009-03-03 04:07 <DIR> d-------- c:\program files\Common Files\Java

2009-03-03 03:33 . 2009-03-03 03:34 <DIR> d-------- C:\95ba8a54bb2df11e0125ac140aee

2009-03-03 03:32 . 2009-03-03 03:50 <DIR> d-------- c:\windows\SxsCaPendDel

2009-03-03 02:40 . 2009-03-03 02:46 <DIR> d-------- c:\program files\Free Easy Burner

2009-03-03 02:40 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\system32\AudFile.dll

2009-03-03 02:40 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\system32\AudioInfos.dll

2009-03-03 02:40 . 2005-02-24 12:51 348,160 --a------ c:\windows\system32\WMAFile.dll

2009-03-03 02:40 . 2003-08-07 13:01 237,568 --a------ c:\windows\system32\lame_enc.dll

2009-03-03 02:40 . 2006-11-18 11:38 200,704 --a------ c:\windows\system32\vbalExpBar6.ocx

2009-03-03 02:40 . 1998-07-12 22:00 141,312 --a------ c:\windows\system32\MSCMCFR.DLL

2009-03-03 02:40 . 2000-10-01 18:00 119,568 --a------ c:\windows\system32\VB6FR.DLL

2009-03-03 02:40 . 2005-01-10 13:54 116,296 --a------ c:\windows\system32\NCTWMAProfiles.prx

2009-03-03 02:40 . 1998-07-13 17:53 44,544 --a------ c:\windows\system32\GIF89.DLL

2009-03-03 02:40 . 2003-01-26 12:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll

2009-03-03 02:40 . 1998-07-12 18:00 32,768 --a------ c:\windows\system32\CMDLGFR.DLL

2009-03-03 02:40 . 1998-07-12 22:00 15,360 --a------ c:\windows\system32\inetfr.DLL

2009-03-03 02:03 . 2009-03-03 02:32 <DIR> d-------- c:\program files\ophcrack

2009-03-01 00:59 . 2009-03-01 00:59 <DIR> d-------- c:\program files\Trend Micro

2009-03-01 00:43 . 2009-03-03 10:46 121 --a------ c:\windows\bdagent.INI

2009-03-01 00:38 . 2009-03-03 10:43 81,984 --a------ c:\windows\system32\bdod.bin

2009-03-01 00:31 . 2009-03-01 00:31 850 --a------ c:\windows\system32\ProductTweaks.xml

2009-03-01 00:31 . 2009-03-01 00:31 385 --a------ c:\windows\system32\user_gensett.xml

2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\windows\system32\logs

2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- c:\documents and settings\Tom\Application Data\BitDefender

2009-03-01 00:27 . 2009-03-01 00:27 <DIR> d-------- C:\Binaries

2009-03-01 00:26 . 2009-03-01 00:26 <DIR> d-------- c:\program files\BitDefender

2009-03-01 00:26 . 2009-03-01 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender

2009-03-01 00:23 . 2009-03-01 00:26 <DIR> d-------- c:\program files\Common Files\BitDefender

2009-02-28 20:00 . 2009-02-28 20:00 <DIR> d-------- C:\371b55ff094ed4c4597742838c0f3a3f

2009-02-25 11:15 . 2009-02-25 11:15 <DIR> d-------- c:\program files\Common Files\xing shared

2009-02-24 20:56 . 2009-02-24 20:56 <DIR> d-------- c:\program files\Opera

2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\program files\Common Files\Logitech

2009-02-24 19:56 . 2009-02-24 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI

2009-02-24 17:19 . 2009-02-24 17:53 3,284 --a------ c:\windows\system32\ANIWZCS{80E169A8-AB69-47D7-866F-03F0733D1AF3}

2009-02-24 17:17 . 2009-03-03 10:44 7 --a------ c:\windows\system32\ANIWZCSUSERNAME

2009-02-24 17:05 . 2009-02-24 17:05 <DIR> d-------- c:\program files\ANI

2009-02-24 17:00 . 2009-02-24 17:00 <DIR> d-------- c:\program files\D-Link

2009-02-24 17:00 . 2008-01-31 22:15 560,896 --a------ c:\windows\system32\drivers\rt2870.sys

2009-02-24 16:40 . 2009-02-24 16:40 <DIR> d-------- c:\documents and settings\Tom\Application Data\Logitech

2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-02-24 16:39 . 2009-02-24 16:39 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\program files\Logitech

2009-02-24 16:37 . 2009-02-24 16:40 <DIR> d-------- c:\program files\Common Files\Logishrd

2009-02-24 16:37 . 2009-02-24 16:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech

2009-02-24 16:37 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll

2009-02-24 16:37 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll

2009-02-24 16:37 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll

2009-02-24 16:37 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll

2009-02-24 16:37 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll

2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\Tom\Application Data\InstallShield

2009-02-24 16:36 . 2009-02-24 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd

2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-24 16:17 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-24 16:17 . 2008-04-13 14:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2009-02-03 23:13 . 2009-02-03 23:13 121,808 --a------ c:\windows\system32\ativvaxx.cap

2009-02-03 21:43 . 2009-02-03 21:43 45,056 --a------ c:\windows\system32\aticalrt.dll

2009-02-03 21:42 . 2009-02-03 21:42 45,056 --a------ c:\windows\system32\aticalcl.dll

2009-02-03 21:40 . 2009-02-03 21:40 3,244,032 --a------ c:\windows\system32\aticaldd.dll

2009-02-03 17:03 . 2009-02-03 17:03 104,328 --a------ c:\windows\system32\drivers\bdfndisf.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 15:48 --------- d-----w c:\program files\BOINC

2009-03-03 15:45 --------- d-----w c:\program files\Steam

2009-03-03 09:12 --------- d-----w c:\program files\Java

2009-03-02 21:08 --------- d-----w c:\program files\Winamp Remote

2009-03-02 04:09 913,453 ----a-w c:\windows\system32\drivers\fwdrv.err

2009-03-01 16:07 --------- d-----w c:\program files\Microsoft Silverlight

2009-03-01 05:24 --------- d-----w c:\program files\Lavasoft

2009-03-01 05:24 --------- d-----w c:\documents and settings\Tom\Application Data\Lavasoft

2009-02-25 19:44 --------- d-----w c:\program files\Paltalk Messenger

2009-02-25 16:15 --------- d-----w c:\program files\Common Files\Real

2009-02-25 02:25 --------- d-----w c:\program files\RealRhapsody

2009-02-25 01:40 --------- d-----w c:\program files\World of Warcraft

2009-02-25 01:22 --------- d-----w c:\program files\ATI

2009-02-25 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-25 00:20 --------- d-----w c:\program files\ATI Technologies

2009-02-24 22:05 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2003-12-20 00:36 40,960 ----a-w c:\program files\Uninstall_CDS.exe

2008-12-16 22:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll

2008-08-31 14:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]

"Radio365Agent"="c:\progra~1\Live365\Radio365\Radio365TrayAgent.exe" [2008-05-13 884736]

"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]

"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2004-03-10 32768]

"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]

"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Xtreme N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2008-03-21 1675264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-25 198160]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-03 136600]

"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Cyndy\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-10-30 2303056]

c:\documents and settings\Tom\Start Menu\Programs\Startup\

dBpowerAMP.lnk.disabled [2004-08-14 728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2007-11-13 4141056]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-24 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"msacm.g723"= g723.acm

"vidc.I263"= I263_32.drv

"MSVideo"= ucdvfw.dll

"VIDC.D263"= xl_x263dec.dll

"VIDC.YV12"= xl_yv12.dll

"VIDC.XJPG"= camfc.dll

"vidc.3IV2"= 3ivxVfWCodec_dec.dll

"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"RemoteCenter"=c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE

"Shareaza"="c:\program files\Shareaza\Shareaza.exe" -tray

"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet

"AIM"=c:\progra~1\AIM\aim.exe -cnetwait.odl

"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime

"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

"B'sCLiP"=c:\progra~1\B'SCLI~1\Win2K\BSCLIP.exe

"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"ViewMgr"=c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth \\game.dat"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Curse\\CurseClient.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\sacred gold\\Sacred.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv\\Civilization4.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war demo\\medieval2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\stubbs the zombie\\Stubbs.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Painkiller.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's railroads demo\\RailRoadsDemo.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=

"c:\\Program Files\\Steam\\steamapps\\common\\the movies demo\\moviesdemo_drm.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\painkiller gold edition\\Bin\\Editor\\PainEditor.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-06-02 9344]

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-19 24652]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-02-03 104328]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

S3 pfsvgae;pfsvgae;\??\c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Tom\LOCALS~1\Temp\pfsvgae.sys [?]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-24 560896]

S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2004-07-24 899980]

S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2004-06-02 394496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - f:\system\viewer\FlipVideoforPC.exe

\Shell\Flip Video for PC\command - f:\system\viewer\FlipVideoforPC.exe

.

Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

Notify-avgrsstarter - avgrsstx.dll

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Trusted Zone: aol.com\free

Trusted Zone: msn.com\groups

Trusted Zone: prms.org\www

Trusted Zone: yahoo.com\filetransfer.msg

Trusted Zone: yahoo.com\launch

DPF: Dominoes by pogo - hxxp://domino.pogo.com/applet-5.8.5.21/domino/domino-ob-assets.cab

DPF: Fortune Bingo by pogo - hxxp://superbingo.pogo.com/applet-5.8.4.18/superbingo/superbingo-ob-assets.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: Payday FreeCell by pogo - hxxp://freecell.pogo.com/applet-5.8.4.24/freecell/freecell-ob-assets.cab

DPF: Phlinx by pogo - hxxp://game4.pogo.com/applet-6.0.1.28/flinger/flinger-ob-assets.cab

DPF: SciFi Slots by pogo - hxxp://scifi.pogo.com/applet-6.0.1.28/slots/scifi-ob-assets.cab

DPF: Spades by pogo - hxxp://spades.pogo.com/applet-5.8.4.24/spades/spades-ob-assets.cab

DPF: Sweet Tooth TM by pogo - hxxp://solitaire04.pogo.com/applet-5.8.4.18/sweettooth/sweettooth-ob-assets.cab

DPF: Tank Hunter by pogo - hxxp://playweb14.pogo.com/applet-6.0.1.28/tank/tank-ob-assets.cab

FF - ProfilePath - c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\w1dud3nf.default\

FF - prefs.js: browser.startup.homepage - hxxp://beeradvocate.com/forum/|http://www.good-music-guide.com/community/index.php|http://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN|http://www.berkshirerecordoutlet.com/|http://www.beeryard.com/|http://www.recipezaar.com/|http://training.fitness.com/|http://www.buzzen.com/chat/find.php?cat=PR|http://192.168.1.1/cgi-bin/webcm?getpage=../html/index_real.html&var:conname=connection0&var:contype=pppoe|http://thenightbreed.guildlaunch.com/forums/index.php?gid=4190|about:blank

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPGWrap.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-03 10:45:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1176)

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2372)

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Executive Software\DiskeeperLite\DKService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\RioMSC.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\Intel\Intel® Active Monitor\imonNT.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Live365\Radio365\Radio365TrayAgent.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\BOINC\boinc.exe

c:\program files\Winamp Remote\bin\Orb.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe

c:\program files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Completion time: 2009-03-03 10:59:22 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-03 15:59:12

Pre-Run: 51,236,401,152 bytes free

Post-Run: 54,077,530,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

354 --- E O F --- 2009-03-03 08:01:23

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:25 AM, on 3/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\D-Link\DWA-160\AirNCFG.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe

C:\Program Files\Curse\CurseClient.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\BOINC\boincmgr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\BOINC\boinc.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Paltalk Messenger\paltalk.exe

C:\WINDOWS\system32\RioMSC.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe

C:\Program Files\BOINC\projects\setiathome.berkeley.edu\astropulse_5.03_windows_intelx86.exe

C:\Program Files\Winamp Remote\bin\Orb.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [D-Link D-Link Xtreme N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe

O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: dBpowerAMP.lnk.disabled

O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://groups.msn.com

O15 - Trusted Zone: http://www.prms.org

O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.8.4.18...o-ob-assets.cab

O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.4.24/f...l-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://game4.pogo.com/applet-6.0.1.28/flin...r-ob-assets.cab

O16 - DPF: SciFi Slots by pogo - http://scifi.pogo.com/applet-6.0.1.28/slot...i-ob-assets.cab

O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.8.4.24/spa...s-ob-assets.cab

O16 - DPF: Sweet Tooth TM by pogo - http://solitaire04.pogo.com/applet-5.8.4.1...h-ob-assets.cab

O16 - DPF: Tank Hunter by pogo - http://playweb14.pogo.com/applet-6.0.1.28/...k-ob-assets.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093076439718

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 15082 bytes

I've tried uploading .zip and .rar but was told I was not permitted to upload that type of file...?

Incidentally, just tried the PC now, and it's still doing odd redirects and blocking URLs. Any ideas?

Sad to say, in the midst of trying various solutions the items that were quarantined have disappeared. The subsequent scans seem to be picking up random malware, but not the one that's doing the downloading.

Good news and bad news - Bad news is I have another infected machine, the good news is I think I know how it got that way. I tried logging into my credit card account and was presented with a digital certificate whose server did not match the name. The server looked ok so I hit Accept, and got redirected to Google. And now the machine is acting like the previously infected one. Any ideas?