Help with Trojan (Win32:BHO-KD)

system · February 21, 2008, 5:03am

Hey, I read through some of the earlier topics on this trojan, and they told people to make a new topic with a Combo Fix log and a HiJack This log, so here they are. Does anyone know what I should do? I started having touble with Internet Explorer weeks ago, but I figured it was relatively innocent spyware and just decided to start using the Opera web browser. Things were going fine until every once in a while a window would pop up saying I had a Trojan and asking me to get rid of it. I figured this was just a spyware or something similar trying to get me to download something or somehow give it access (sorry if I’m not making much sense, I have almost no experience with these things), so I did my best to ignore it. But then any time I opened up Windows Explorer an Internet Explorer window would pop up to some search engine site, and a bubble was popping up from my task bar every once in a while telling me I had a Trojan. Finally, yesterday, after saying “no” to the pop-up window about the Trojan, two windows popped up, both saying “Time to die.” Nothing really happened, and I was suprised at the extreme lack of originality on the Trojan’s threat, but I figured now might be a good time to get serious about getting rid of it. So I got Avast and ran it, and it found the Trojan, but couldn’t do anything with it. I did a Google search of the Trojan, and now I’m here hoping there’s a way I can get rid of it.

Anyways, I apologise if none of that information helps and was just a waste of time, but I figured that more information couldn’t hurt, right? The logs are too long for this post, so I’ll post the Combo This and HiJack This logs in seperate posts. Thanks for any help you can provide.

system · February 21, 2008, 5:05am

Combo Fix log:

ComboFix 08-02-21 - Orolin 2008-02-20 20:37:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504 [GMT -8:00]
Running from: C:\Documents and Settings\Orolin\Desktop\ComboFix.exe

Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Orolin\Application Data\macromedia\Flash Player#SharedObjects\BYFFZSMH\www.broadcaster.com
C:\Documents and Settings\Orolin\Application Data\macromedia\Flash Player#SharedObjects\BYFFZSMH\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Orolin\Application Data\macromedia\Flash Player#SharedObjects\BYFFZSMH\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Orolin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com
C:\Documents and Settings\Orolin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\credu.dll
C:\WINDOWS\system32\drivers\iaxktvhs.dat
C:\WINDOWS\system32\drivers\sfsync02.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_PIQOQDSB
-------\LEGACY_SFSYNC02
-------\piqoqdsb
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-19 18:22 . 2008-02-19 18:22 d-------- C:\Program Files\Alwil Software
2008-02-19 18:22 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-19 18:22 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-19 18:22 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-19 18:22 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-19 18:22 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-19 18:22 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-19 18:22 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-19 18:22 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-18 21:34 . 2008-02-18 21:34 d-------- C:\Program Files\SpyShredder
2008-02-14 15:27 . 2008-02-14 15:27 d-------- C:\Program Files\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 04:17 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-19 23:40 --------- d-----w C:\Documents and Settings\Orolin\Application Data\gtk-2.0
2008-01-18 23:34 --------- d-----w C:\Documents and Settings\Orolin\Application Data\uTorrent
2008-01-06 00:35 --------- d-----w C:\Program Files\Frets on Fire
2008-01-06 00:11 --------- d-----w C:\Program Files\Java
2007-12-21 22:25 --------- d–h–w C:\Program Files\InstallShield Installation Information
2007-12-21 05:37 --------- d-----w C:\Program Files\TGTSoft
2007-12-21 04:52 --------- d-----w C:\Program Files\Stardock
2006-05-13 20:58 1 ----a-w C:\Documents and Settings\Orolin\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-12-07 13:00 1502232 --a------ C:\Program Files\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}

[HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
“{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}”= C:\Program Files\speed-bit\tbspe1.dll [2007-12-07 13:00 1502232]

[HKEY_CLASSES_ROOT\clsid{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Steam”=“”
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 04:00 15360]
“Aim6”=“C:\Program Files\AIM6\aim6.exe” [2007-10-04 07:20 50528]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-06-24 12:36 68856]
“STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 10:31 1372160]
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 20:05 204288]

system · February 21, 2008, 5:05am

Second half of Combo Fix log:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“High Definition Audio Property Page Shortcut”=“HDAShCut.exe” [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0\bin\jusched.exe” [2008-01-05 16:11 77824]
“RivaTunerStartupDaemon”=“D:\Programs\Overclocking tools\RivaTuner\RivaTuner v2.0 RC 15.8\RivaTuner.exe” [2005-12-01 00:35 2285568]
“LClock”=“C:\Program Files\LClock\LClock.exe” [2004-09-20 00:27 65536]
“bcmwltry”=“bcmwltry.exe” [2003-07-25 15:28 462848 C:\WINDOWS\system32\bcmwltry.exe]
“removecpl”=“RemoveCpl.exe”
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-11-22 20:05 344064]
“IsReminder”=“C:\WINDOWS\system32\ISPopup.exe” [2007-02-28 18:02 16384]
“iShield”=“C:\WINDOWS\system32\iShield.exe” [2006-10-17 09:43 151552]
“RTHDCPL”=“RTHDCPL.EXE” [2007-01-30 17:54 16116224 C:\WINDOWS\RTHDCPL.exe]
“SkyTel”=“SkyTel.EXE” [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 17:20 866584]
“Logitech Utility”=“Logi_MwX.Exe” [2003-12-17 08:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
“Sony Ericsson PC Suite”=“D:\Programs\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe” [2005-10-26 16:17 159744]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 05:24 286720]
“iTunesHelper”=“D:\Programs\iTunes\iTunesHelper.exe” [2007-09-26 13:42 267064]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 05:00 79224]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“MySpaceIM”=“C:\Program Files\MySpace\IM\MySpaceIM.exe” [2007-12-18 17:47 8720384]

C:\Documents and Settings\Orolin\Start Menu\Programs\Startup
Reboot.exe [2004-09-30 22:01:50 334336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
SATARAID5.lnk - C:\Program Files\Silicon Image\3132 SATARAID5\sam.jar [2006-03-17 21:22:16 1578096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“UIHost”=“LogonUI.EXE”

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys [2005-03-31 11:28]
R2 Guardware Product Update Service;Guardware Product Update Service;C:\Program Files\Guardware\GWPUM\updsvc.exe [2007-01-31 14:04]
R2 Viewpoint Manager Service;Viewpoint Manager Service;“C:\Program Files\Viewpoint\Common\ViewpointService.exe” [2007-01-04 13:38]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 03:31]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.231\ATI Tray Tools\atitray.sys
S3 jatmlano;jatmlano;C:\DOCUME~1\Orolin\LOCALS~1\Temp\jatmlano.sys

.
Contents of the ‘Scheduled Tasks’ folder
“2008-02-14 20:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

C:\Program Files\Apple Software Update\SoftwareUpdate.exe
“2008-02-20 21:24:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job”
C:\Program Files\Windows Defender\MpCmdRun.exe
.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 20:44:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
→ C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Programs\Sony Ericsson PC Suite\Mobile Phone Monitor\epmworker.exe
.

.
Completion time: 2008-02-20 20:46:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 04:46:41
.
2008-02-19 21:10:45 — E O F —

system · February 21, 2008, 5:06am

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:54 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Guardware\GWPUM\updsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\iShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Programs\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe
D:\Programs\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Programs\Sony Ericsson PC Suite\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: iShield Plug-in - {3050CDCA-E35E-4696-A544-8B0A589CE885} - C:\WINDOWS\system32\ISIEEdit.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0\bin\jusched.exe”
O4 - HKLM..\Run: [RivaTunerStartupDaemon] “D:\Programs\Overclocking tools\RivaTuner\RivaTuner v2.0 RC 15.8\RivaTuner.exe” /S
O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM..\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM..\Run: [IsReminder] C:\WINDOWS\system32\ISPopup.exe
O4 - HKLM..\Run: [iShield] C:\WINDOWS\system32\iShield.exe
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..\Run: [Sony Ericsson PC Suite] “D:\Programs\Sony Ericsson PC Suite\Application Launcher\Application Launcher.exe” /startoptions
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “D:\Programs\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Aim6] “C:\Program Files\AIM6\aim6.exe” /d locale=en-US ee://aol/imApp
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User ‘Default user’)
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SATARAID5.lnk = ?

system · February 21, 2008, 5:06am

Second half of HiJack This log:

O8 - Extra context menu item: &Clean Traces - D:\Programs\Download Accelerator Plus\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Programs\Download Accelerator Plus\DAP\dapextie.htm
O8 - Extra context menu item: Add this site to iShield black list - C:\WINDOWS\system32\isBRclick.htm
O8 - Extra context menu item: Add this site to iShield white list - C:\WINDOWS\system32\isWRclick.htm
O8 - Extra context menu item: Download &all with DAP - D:\Programs\Download Accelerator Plus\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Guardware Product Update Service - Guardware Ltd - C:\Program Files\Guardware\GWPUM\updsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

–
End of file - 10110 bytes

Help with Trojan (Win32:BHO-KD)

Announcements