Random named file running in temp folder

Hi, I have a randomly named file running as a hidden file in the temp folder - looks nasty. Here is my hijack this log. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:45, on 13/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA ~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPE R~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7313 bytes

To clean your temp folder, recycle bin, etc..please download this free tool:

CCleaner

Don't install any Toolbars, or other programs, should it ask you!Just uncheck the option of installing the Yahoo toolbar.
It will put a shortcut on your Desktop.

Uncheck cookies

Before first use:
Select Options then Advanced.
UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


Then Reboot (Exit)




Visit this page below to familiarize yourself to the tool below and download from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix,please delete that version now.



It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Hi there, thanks and here is the combo log:

ComboFix 09-04-14.01 - Owner 14/04/2009 11:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3069.2643 [GMT 7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-13 19:08 . 2009-04-13 19:10 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-13 13:27 . 2009-04-13 13:27 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-04-13 11:00 . 2009-04-13 11:00 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-13 11:00 . 2009-04-06 08:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 11:00 . 2009-04-06 08:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 11:00 . 2009-04-13 11:00 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-13 10:38 . 2009-04-13 10:38 -------- d-----w c:\documents and settings\Owner\Application Data\WinPatrol
2009-04-09 09:20 . 2009-04-09 09:20 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-09 04:16 . 2009-04-09 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-09 00:56 . 2001-08-17 15:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-09 00:56 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll
2009-04-09 00:56 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-08 09:03 . 2009-04-08 09:03 -------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-04-08 09:00 . 2009-04-08 09:00 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-08 09:00 . 2009-04-08 09:00 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Apple
2009-04-08 09:00 . 2009-04-08 09:00 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-08 08:59 . 2009-04-08 08:59 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-04-05 07:54 . 2009-04-05 07:54 -------- d-----w c:\windows\Sun
2009-04-03 23:35 . 2009-04-03 23:35 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-03 23:35 . 2009-04-03 23:35 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-03 09:25 . 2008-10-16 07:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-03 09:25 . 2008-10-16 07:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-03 09:25 . 2008-10-16 07:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-03 09:06 . 2009-04-03 09:06 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-04-03 08:53 . 2009-04-03 09:06 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-03 07:37 . 2009-04-14 04:35 -------- d-----w c:\documents and settings\Owner\Tracing
2009-04-03 05:15 . 2009-04-08 09:08 -------- d-----w c:\documents and settings\Owner\Application Data\.purple
2009-04-03 03:37 . 2009-04-03 03:37 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-03 03:37 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-03 03:34 . 2003-09-18 07:32 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-03 03:34 . 2003-09-18 07:32 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-03 03:34 . 2003-09-18 07:32 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-04-03 03:34 . 1998-10-29 09:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-03 03:34 . 2009-04-03 03:34 -------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2009-04-03 03:33 . 2006-09-13 05:00 197632 ----a-w c:\windows\system32\CNMLM84.DLL
2009-04-03 03:33 . 2009-04-03 03:33 -------- d--h--w c:\windows\system32\CanonIJ Uninstaller Information
2009-04-03 03:21 . 2009-04-03 03:21 -------- d-----w c:\windows\SHELLNEW
2009-04-03 02:18 . 2009-04-03 02:18 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-04-02 13:52 . 2009-04-14 04:16 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 04:23 . 2009-04-02 04:23 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-04-02 04:22 . 2009-04-02 04:22 -------- d-----w c:\windows\ie8updates
2009-04-02 04:22 . 2009-04-02 04:22 -------- dc-h--w c:\windows\ie8
2009-04-02 04:20 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-02 03:56 . 2009-04-02 03:56 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Ahead
2009-04-02 03:54 . 2009-04-02 03:54 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-02 02:23 . 2009-04-02 02:23 -------- d-----w c:\windows\system32\scripting
2009-04-02 02:23 . 2009-04-02 02:23 -------- d-----w c:\windows\system32\en
2009-04-02 02:23 . 2009-04-02 02:23 -------- d-----w c:\windows\system32\bits
2009-04-02 02:23 . 2009-04-02 02:23 -------- d-----w c:\windows\l2schemas
2009-04-02 02:23 . 2009-04-02 02:24 -------- d-----w c:\windows\ServicePackFiles
2009-04-02 02:19 . 2009-04-02 02:19 -------- d-----w c:\windows\EHome
2009-04-02 02:15 . 2008-04-13 18:46 25600 ------w c:\windows\system32\drivers\hidbth.sys
2009-04-01 12:47 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-01 12:47 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-01 12:46 . 2009-03-07 21:34 914944 -c--a-w c:\windows\system32\dllcache\wininet.dll
2009-04-01 12:46 . 2009-03-07 21:34 1206784 -c--a-w c:\windows\system32\dllcache\urlmon.dll
2009-04-01 12:46 . 2008-10-16 01:00 1499136 -c----w c:\windows\system32\dllcache\shdocvw.dll
2009-04-01 12:46 . 2009-03-07 21:41 5937152 -c--a-w c:\windows\system32\dllcache\mshtml.dll
2009-04-01 12:46 . 2009-04-11 16:32 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 12:41 . 2009-04-01 12:41 0 ----a-w c:\windows\nsreg.dat
2009-04-01 12:40 . 2009-04-01 12:40 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-04-01 12:40 . 2008-08-14 10:09 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-01 12:40 . 2008-08-14 10:11 2189184 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-01 12:40 . 2008-08-14 09:33 2066048 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-01 12:40 . 2008-08-14 09:33 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-01 12:33 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-01 12:33 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-01 12:32 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-01 12:32 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-04-01 12:31 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-01 12:30 . 2008-10-03 10:02 247326 -c----w c:\windows\system32\dllcache\strmdll.dll
2009-04-01 12:30 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-01 12:30 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-04-01 11:46 . 2009-04-01 11:46 -------- d-sh--w c:\documents and settings\Owner\UserData
2009-04-01 11:45 . 2009-04-01 11:45 13646 ----a-w c:\windows\system32\wpa.bak
2009-04-01 11:34 . 2009-04-02 12:10 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-01 11:34 . 2009-04-02 12:10 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-01 11:34 . 2009-04-14 04:35 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-01 11:34 . 2009-04-14 04:34 3655712 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-01 11:34 . 2009-04-14 04:34 352288 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-01 11:34 . 2009-04-14 04:34 3332 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-01 11:34 . 2009-04-14 04:34 31736 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-01 09:18 . 2009-04-01 09:18 268 ---ha-w C:\sqmdata06.sqm
2009-04-01 09:18 . 2009-04-01 09:18 244 ---ha-w C:\sqmnoopt06.sqm
2009-04-01 09:16 . 2009-04-01 09:16 268 ---ha-w C:\sqmdata05.sqm
2009-04-01 09:16 . 2009-04-01 09:16 244 ---ha-w C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-13 11:55 . 2009-04-09 16:35 -------- d-----w c:\program files\Far Cry
2009-04-13 11:00 . 2009-04-13 11:00 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 10:51 . 2009-04-13 10:51 -------- d-----w c:\program files\Trend Micro
2009-04-13 10:38 . 2009-04-13 10:38 -------- d-----w c:\program files\BillP Studios
2009-04-11 16:32 . 2009-04-01 12:46 -------- d-----w c:\program files\SpywareBlaster
2009-04-09 09:27 . 2009-03-31 23:50 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 04:16 . 2009-04-09 04:16 -------- d-----w c:\program files\NOS
2009-04-08 09:00 . 2009-04-08 09:00 -------- d-----w c:\program files\QuickTime
2009-04-08 09:00 . 2009-04-08 09:00 -------- d-----w c:\program files\Apple Software Update
2009-04-07 09:03 . 2009-03-31 23:42 86000 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-03 23:35 . 2009-04-03 23:35 -------- d-----w c:\program files\Java
2009-04-03 08:53 . 2009-04-03 08:53 -------- d-----w c:\program files\Yahoo!
2009-04-03 07:33 . 2009-04-03 07:33 -------- d-----w c:\program files\Microsoft
2009-04-03 07:33 . 2009-04-03 07:33 -------- d-----w c:\program files\Windows Live
2009-04-03 07:33 . 2009-04-03 07:33 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-03 05:15 . 2009-04-03 05:15 -------- d-----w c:\program files\Pidgin
2009-04-03 05:15 . 2009-04-03 05:15 -------- d-----w c:\program files\Common Files\GTK
2009-04-03 03:37 . 2009-04-03 03:30 -------- d-----w c:\program files\Canon
2009-04-03 03:36 . 2009-04-03 03:36 -------- d-----w c:\program files\Common Files\CANON
2009-04-03 03:33 . 2009-04-03 03:33 -------- d--h--w c:\program files\CanonBJ
2009-04-03 03:21 . 2009-04-03 03:21 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-02 15:01 . 2009-04-02 15:01 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-02 14:18 . 2009-04-02 13:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 12:10 . 2008-01-29 10:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-04-02 05:06 . 2009-04-02 05:06 -------- d-----w c:\program files\CCleaner
2009-04-02 04:22 . 2009-04-02 02:59 -------- d-----w c:\program files\SpywareGuard
2009-04-02 04:14 . 2009-04-02 04:14 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-02 03:56 . 2009-04-02 03:54 -------- d-----w c:\program files\Common Files\Ahead
2009-04-02 03:54 . 2009-04-02 03:54 -------- d-----w c:\program files\Nero
2009-04-02 02:25 . 2009-03-31 23:29 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-02 02:22 . 1980-01-01 00:00 250048 --sha-r C:\ntldr
2009-04-01 11:34 . 2009-04-01 11:34 -------- d-----w c:\program files\Kaspersky Lab
2009-04-01 02:12 . 2009-04-01 02:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-01 02:03 . 2009-04-01 02:03 -------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools Pro
2009-04-01 02:03 . 2009-04-01 02:03 -------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools
2009-04-01 02:02 . 2009-04-01 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-01 02:02 . 2009-04-01 02:02 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-01 02:00 . 2009-04-01 02:00 268 ---ha-w C:\sqmdata04.sqm
2009-04-01 02:00 . 2009-04-01 02:00 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-01 02:00 . 2009-04-01 02:00 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-01 02:00 . 2009-04-01 02:00 -------- d-----w c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2009-04-01 01:22 . 2009-04-01 01:22 268 ---ha-w C:\sqmdata03.sqm
2009-04-01 01:22 . 2009-04-01 01:22 244 ---ha-w C:\sqmnoopt03.sqm
2009-04-01 01:12 . 2009-04-01 01:12 268 ---ha-w C:\sqmdata02.sqm
2009-04-01 01:12 . 2009-04-01 01:12 244 ---ha-w C:\sqmnoopt02.sqm
2009-04-01 01:11 . 2009-04-01 01:11 -------- d-----w c:\program files\Synaptics
2009-04-01 01:11 . 2009-04-01 00:59 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-01 00:59 . 2009-04-01 00:59 268 ---ha-w C:\sqmdata01.sqm
2009-04-01 00:59 . 2009-04-01 00:59 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-01 00:46 . 2009-04-01 00:46 268 ---ha-w C:\sqmdata00.sqm
2009-04-01 00:46 . 2009-04-01 00:46 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-01 00:46 . 2009-04-01 00:46 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_C oinstaller_Critical.Wdf
2009-04-01 00:46 . 2009-04-01 00:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01 005.Wdf
2009-04-01 00:03 . 2009-04-01 00:03 -------- d-----w c:\documents and settings\Owner\Application Data\ESET
2009-04-01 00:02 . 2009-04-01 00:02 -------- d-----w c:\program files\ESET
2009-04-01 00:02 . 2009-04-01 00:02 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-31 23:57 . 2009-03-31 23:56 -------- d-----w c:\program files\CONEXANT
2009-03-31 23:54 . 2009-03-31 23:50 -------- d-----w c:\program files\Atheros
2009-03-31 23:50 . 2009-03-31 23:50 -------- d-----w c:\documents and settings\Owner\Application Data\InstallShield
2009-03-31 23:50 . 2009-03-31 23:50 -------- d-----w c:\documents and settings\All Users\Application Data\Atheros
2009-03-31 23:30 . 2009-03-31 23:30 -------- d-----w c:\program files\microsoft frontpage
2009-03-31 23:29 . 2009-03-31 23:29 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-07 21:34 . 1980-01-01 00:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-07 21:34 . 1980-01-01 00:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-07 21:33 . 1980-01-01 00:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-07 21:33 . 1980-01-01 00:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-07 21:32 . 1980-01-01 00:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-07 21:32 . 1980-01-01 00:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-07 21:31 . 1980-01-01 00:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-07 21:31 . 1980-01-01 00:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-07 21:31 . 1980-01-01 00:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-07 21:22 . 1980-01-01 00:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-09 11:13 . 1980-01-01 00:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:52 . 2009-02-06 11:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2008-01-20 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-23 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-02-23 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-02 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-03 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-23 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-09 33176]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-02 33808]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-10-19 29216]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-02-08 57408]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]
.
.
------- Supplementary Scan -------
.
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xwyuklp2.default\
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 11:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
************************************************** ************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 04:38

Pre-Run: 27,284,074,496 bytes free
Post-Run: 27,199,254,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

280 --- E O F --- 2009-04-04 07:47

What is going on now?

Please post a new hijackthis log.

Also...



Update Java: Security Issue

* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have next icon next to it:
Select it and click Remove.
* The current version can be downloaded from Sun here: Java SE Downloads - Sun Developer Network (SDN) Scroll down the page to 'Java Runtime Environment (JRE) 6u12(or higher) and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

The random files are still running in the temp folder. Here is the lastest hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1342, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6662 bytes

Post some of the files from the temp folder so I can take a look.

Did you update your Java?

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

I have done a sceen grap of winpatrol - it is the last file on the list.

Yes, I have updated Java.

Thanks

Should be ok:

etilqs xxxxxxxxxxxx [Archive] - Wilders Security Forums

etilqs_ - Google Search

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

OK, cool, thanks for all your help - just wish they wouldn't make the file name look suspicious.

Thanks again.

Your welcome, happy surfing out there.

__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.