MSN MSIE Wont connect, virus. OH NOES!

I ran ComboFix last night; I was a little tipsy. When I woke up this morning, MSN was connected, I rebooted, the window telling me I didn't have admin access was gone, and I burned a CD to listen to for the drive to work.
It looks like it is fixed.
I will post the SAS log and ComboFix log when I get home tonight.
 
ZLOB!!! IT'S THE WORST VIRUS! I have had Zlob and it was just something unbelievable; malware wounded it but couldn't get it out. I spent two weeks literally hunting its keys and traces down in my own registry and finally I just gave up and rebuilt my OS. Zlob is like a level 9-10 virus, which is one of the worst and hardest to get rid of. And it's a Russian-made virus, I am pretty sure. My people are up to no good.
 
ComboFix 09-07-14.08 - kev 07/17/2009 0:22:44.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2623 [GMT -4:00]
Running from: C:\Documents and Settings\kev\My Documents\Hentede filer\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kev\Application Data\bcrypt.html
C:\Documents and Settings\kev\Application Data\inst.exe
C:\Program Files\sFX
C:\Program Files\WinPCap
C:\Program Files\WinPCap\rpcapd.exe
C:\RECYCLER\S-1-5-21-5223466556-8096075262-254021249-8367
C:\WINDOWS\010112010146118114.dat
C:\WINDOWS\system32\ATIODCLI.exe
C:\WINDOWS\system32\ATIODE.exe
C:\WINDOWS\system32\drivers\hjgruimugohrfu.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hjgruiakwuisux.dat
C:\WINDOWS\system32\hjgruinqtacyvt.dll
C:\WINDOWS\system32\hjgruinwovsuab.dll
C:\WINDOWS\system32\hjgruiycxmjqnm.dat
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\uuddc32.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiyfvxjeao
-------\Legacy_acpi32
-------\Legacy_npf
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Service_npf
-------\Service_sfx


((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 04:22:44 . 2009-07-17 04:22:44 0 d-----w- C:\Documents and Settings\kev\Local Settings\Application Data\ESET
2009-07-16 04:30:21 . 2009-07-16 07:11:23 0 d-----w- C:\Program Files\Trillian
2009-07-16 03:48:51 . 2009-07-17 09:55:13 117760 ----a-w- C:\Documents and Settings\kev\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 03:44:25 . 2009-07-16 03:44:25 0 d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-16 03:43:31 . 2009-07-16 03:43:34 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-07-16 03:43:31 . 2009-07-16 03:43:31 0 d-----w- C:\Documents and Settings\kev\Application Data\SUPERAntiSpyware.com
2009-07-16 03:34:37 . 2009-07-16 03:34:37 0 d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-07-16 00:16:38 . 2009-07-16 00:16:38 0 d-----w- C:\WINDOWS\system32\config\systemprofile\Tracing
2009-07-15 14:25:31 . 2009-07-15 14:25:31 8224 ----a-w- C:\Documents and Settings\Administrator.PIMP-6BVMACV9YE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 14:25:27 . 2009-07-15 14:25:27 0 d-----w- C:\Documents and Settings\Administrator.PIMP-6BVMACV9YE\Application Data\Ahead
2009-07-15 14:25:14 . 2009-07-15 14:25:14 0 d-----w- C:\Documents and Settings\Administrator.PIMP-6BVMACV9YE\Local Settings\Application Data\Ahead
2009-07-15 04:26:54 . 2009-07-15 04:26:40 102664 ----a-w- C:\WINDOWS\system32\drivers\tmcomm.sys
2009-07-15 04:26:36 . 2009-07-15 04:27:06 0 d-----w- C:\Documents and Settings\kev\.housecall6.6
2009-07-15 04:19:41 . 2009-07-15 04:19:41 0 d-----w- C:\Program Files\Trend Micro
2009-07-14 05:55:41 . 2009-07-14 05:55:41 0 d-----w- C:\Program Files\ESET
2009-07-14 05:55:41 . 2009-07-14 05:55:41 0 d-----w- C:\Documents and Settings\All Users\Application Data\ESET
2009-07-14 05:44:07 . 2009-07-14 05:44:07 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-07-14 05:44:01 . 2009-07-14 05:44:01 0 d-----w- C:\Documents and Settings\kev\Local Settings\Application Data\Mozilla
2009-07-13 04:53:33 . 2009-07-13 04:53:33 40960 --sh--r- C:\WINDOWS\system32\flashd32.dll
2009-07-13 04:51:33 . 2009-07-13 05:49:32 0 ----a-w- C:\WINDOWS\system32\drivers\cbdf3c78.sys
2009-07-13 04:50:48 . 2009-07-13 04:50:48 22627 ----a-w- C:\vfjmbvbg.exe
2009-07-13 04:30:08 . 2009-07-14 02:42:59 0 d-----w- C:\Program Files\Easy-Hide-IP
2009-07-07 06:06:25 . 2009-07-07 06:06:38 0 d-----w- C:\WINDOWS\system32\NtmsData
2009-06-28 00:21:16 . 2009-06-28 00:21:16 0 d-----w- C:\Documents and Settings\kev\Report Files
2009-06-28 00:12:55 . 2009-06-28 00:15:47 1024 ---h--r- C:\WINDOWS\system32\NTIBUN4.dll
2009-06-28 00:12:50 . 2009-06-28 00:12:50 6144 ----a-w- C:\WINDOWS\system32\drivers\NTIDrvr.sys
2009-06-24 01:53:37 . 2009-06-24 01:55:45 0 d-----w- C:\Documents and Settings\kev\Application Data\Winamp
2009-06-24 01:53:37 . 2009-06-24 01:55:43 0 d-----w- C:\Program Files\Winamp
2009-06-21 04:47:02 . 2009-06-21 04:47:32 0 d-----w- C:\Program Files\QuickTime
2009-06-21 04:47:01 . 2009-06-21 04:47:01 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-18 03:19:19 . 2009-07-17 01:51:46 0 d-----w- C:\Program Files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 09:55:26 . 2009-02-01 19:31:06 0 d-----w- C:\Program Files\Steam
2009-07-17 08:06:44 . 2009-04-10 18:40:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-17 04:27:07 . 2004-08-04 15:00:00 182656 ----a-w- C:\WINDOWS\system32\drivers\ndis.sys
2009-07-17 04:20:11 . 2009-06-11 05:49:58 0 d-----w- C:\Program Files\FreeRapid-0.82
2009-07-16 03:53:08 . 2009-01-24 05:59:58 0 d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-16 03:43:12 . 2009-01-24 03:44:46 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-16 03:37:32 . 2008-07-01 16:47:44 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-07-16 01:21:41 . 2008-09-13 15:37:34 0 d-----w- C:\Program Files\FlashFXP
2009-07-15 04:11:41 . 2008-08-16 02:10:15 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-15 04:11:23 . 2009-01-24 06:17:33 0 d-----w- C:\Documents and Settings\LocalService\Application Data\SACore
2009-07-14 12:53:21 . 2008-07-01 15:02:11 70064 ----a-w- C:\Documents and Settings\kev\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 04:56:04 . 2008-07-01 15:04:27 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-14 02:41:14 . 2009-01-24 03:33:07 0 d-----w- C:\Program Files\Total Video Converter
2009-07-14 02:37:58 . 2009-01-18 22:42:46 0 d-----w- C:\Program Files\Garena
2009-07-14 01:49:33 . 2009-01-31 22:52:13 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2009-07-13 05:59:28 . 2009-01-29 02:54:21 0 d-----w- C:\Program Files\Hard Disk Sentinel
2009-07-10 21:56:50 . 2009-04-05 06:03:43 0 d-----w- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-07-07 05:48:09 . 2009-07-07 05:47:51 0 d-----w- C:\Program Files\C-Media USB Sound
2009-06-16 14:36:30 . 2004-08-04 15:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:36:30 . 2004-08-04 15:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-16 02:31:50 . 2008-07-18 18:04:42 0 d-----w- C:\Documents and Settings\kev\Application Data\Image Zone Express
2009-06-09 06:40:29 . 2009-06-09 06:40:24 0 d-----w- C:\Program Files\Motherboard Monitor 5
2009-06-05 23:37:15 . 2009-04-27 02:59:58 8673792 ----a-w- C:\Documents and Settings\All Users\Application Data\atscie.msi
2009-06-05 23:36:34 . 2009-06-05 23:36:34 0 d-----w- C:\Program Files\Common Files\Pure Networks Shared
2009-06-05 22:54:29 . 2009-06-05 22:54:29 0 d-----w- C:\Documents and Settings\All Users\Application Data\Maxtor
2009-06-05 22:54:24 . 2009-06-05 22:51:18 44384 ----a-w- C:\WINDOWS\system32\drivers\tifsfilt.sys
2009-06-05 22:54:24 . 2009-06-05 22:51:18 441760 ----a-w- C:\WINDOWS\system32\drivers\timntr.sys
2009-06-05 22:54:21 . 2009-06-05 22:51:11 132224 ----a-w- C:\WINDOWS\system32\drivers\snapman.sys
2009-06-05 22:54:17 . 2009-06-05 22:51:06 368480 ----a-w- C:\WINDOWS\system32\drivers\tdrpman.sys
2009-06-05 22:54:15 . 2009-06-05 22:50:29 0 d-----w- C:\Program Files\Common Files\Seagate
2009-06-05 22:51:26 . 2009-06-05 22:51:26 0 d-----w- C:\Documents and Settings\All Users\Application Data\Seagate
2009-06-05 22:50:29 . 2009-06-05 22:50:29 0 d-----w- C:\Program Files\Seagate
2009-06-03 19:09:37 . 2004-08-04 15:00:00 1291264 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-05-31 07:31:02 . 2009-04-25 21:12:43 0 d-----w- C:\Documents and Settings\kev\Application Data\Nokia
2009-05-31 03:28:49 . 2009-05-31 03:28:37 0 d-----w- C:\Program Files\AGEIA Technologies
2009-05-31 03:28:07 . 2009-05-31 03:28:07 413696 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2009-05-31 03:28:07 . 2009-05-31 03:28:07 110592 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2009-05-31 03:28:07 . 2009-05-31 03:28:07 0 d-----w- C:\Program Files\OpenAL
2009-05-14 03:04:30 . 2009-05-14 03:04:30 552 ----a-w- C:\WINDOWS\system32\d3d8caps.dat
2009-05-07 15:32:35 . 2004-08-04 15:00:00 345600 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-04-29 04:56:02 . 2004-08-04 15:00:00 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-04-29 04:55:56 . 2004-08-04 15:00:00 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-04-25 21:28:50 . 2009-04-25 21:28:50 8192 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-25 21:28:50 . 2009-04-25 21:28:50 61440 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-25 21:28:50 . 2009-04-25 21:28:50 10240 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-25 21:28:36 . 2009-04-25 21:29:03 34396584 ----a-w- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-20 04:18:07 . 2009-04-20 04:18:07 161352 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-24 14:22:26 . 2009-07-16 02:14:26 137208 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 18:50:38 3885408]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 22:05:02 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 15:01:38 1830128]
"Steam"="c:\program files\steam\steam.exe" [2009-06-11 01:03:29 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 21:45:32 279912]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2007-04-10 21:46:43 996712]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 17:56:32 1406024]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 19:05:24 1410304]
"Maxtor Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 23:56:52 136472]
"MaxBlastMonitor.exe"="C:\Program Files\Seagate\DiscWizard\MaxBlastMonitor.exe" [2008-06-27 21:01:28 1325800]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 01:52:38 49152]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" [2009-01-29 04:41:55 3407360]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 11:00:48 33648]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 23:52:18 1325848]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 00:06:22 904768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-03-08 18:50:38 3885408]

C:\Documents and Settings\kev\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2009-1-20 29310]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{38101905-D80F-4788-96F6-986A8186178A}"= "C:\WINDOWS\system32\flashd32.dll" [2009-07-13 04:53:33 40960]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05:34 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kev^Start Menu^Programs^Startup^Popup Ad Stopper.lnk]
path=C:\Documents and Settings\kev\Start Menu\Programs\Startup\Popup Ad Stopper.lnk
backup=C:\WINDOWS\pss\Popup Ad Stopper.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=
"C:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\WINDOWS\\system32\\dwwin.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [11/14/2007 3:06:38 PM 30728]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01:40 AM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01:40 AM 72944]
R2 CachemanXPService;CachemanXP;C:\PROGRA~1\CACHEM~1\CachemanXP.exe [1/19/2009 2:48:02 AM 355840]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/14/2007 3:05:50 PM 455936]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;C:\WINDOWS\system32\drivers\fle5wnnt.sys [10/1/2008 10:42:51 PM 33404]
R2 FLSIFACE;FLSIface;C:\WINDOWS\system32\drivers\flsiface.sys [10/1/2008 10:42:51 PM 13440]
R2 FLSPAR;FLSPar;C:\WINDOWS\system32\drivers\flspar.sys [10/1/2008 10:42:51 PM 16314]
R2 FLSSER;FLSSer;C:\WINDOWS\system32\drivers\flsser.sys [10/1/2008 10:42:51 PM 8344]
R2 FLSVCOM;FLSVCom;C:\WINDOWS\system32\drivers\flsvcom.sys [10/1/2008 10:42:51 PM 32544]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\drivers\fssfltr_tdi.sys [2/17/2009 11:42:54 PM 55152]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56:38 PM 431384]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;C:\WINDOWS\system32\TUProgSt.exe [2/12/2009 9:58:44 AM 603904]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22:52 PM 11776]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\l151x86.sys [7/1/2008 11:13:35 AM 36864]
R3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [7/7/2009 1:48:35 AM 1414528]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01:42 AM 7408]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23:14 PM 3584]
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\drivers\VX6000Xp.sys [7/1/2008 2:59:06 PM 2385896]
S1 cbdf3c78;cbdf3c78;C:\WINDOWS\system32\drivers\cbdf3c78.sys [7/13/2009 12:51:33 AM 0]
S2 AODService;AODService;C:\Program Files\AMD\OverDrive\AODAssist --> C:\Program Files\AMD\OverDrive\AODAssist [?]
S2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56:38 PM 431384]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08:58 PM 533360]
S3 TempLog;TempLog;C:\Program Files\Hard Disk Sentinel\HDSentinel.sys [1/28/2009 10:54:21 PM 3897]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36:18 . 2008-12-11 20:36:18]

2009-07-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.0.1:80
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - C:\Documents and Settings\kev\Application Data\Mozilla\Firefox\Profiles\diijkrzm.default\
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:47 PM, on 7/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\program files\steam\steam.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\analyze.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Maxtor Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Seagate\DiscWizard\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214961248968
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Scheduler2 Service (MaxSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 11105 bytes
 
I'm just looking over your logs, there are a couple of suspicious entries.

Upload them to VirusTotal for analysis.

http://www.virustotal.com/

Click the browse button and navigate to:

C:\vfjmbvbg.exe

then

C:\WINDOWS\system32\drivers\cbdf3c78.sys

You may need to have hidden files and folders made visible.

Can you post the logs from VirusTotal please.
 
C:\WINDOWS\System32\svchost.exe

-Svhost can potentially be a virus; it mimics its name.
-If you can, try doing a boot-scan for viruses if you have software to do that...very suspicious. In a boot-time scan, it can scan all processes, giving a much higher chance of catching malware/a virus.

- HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-Many viruses can be called anti-virus but really be viruses; I am not saying it is one, but it looks suspicious to me.

-O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
-Okay, I know what PunkBuster is, but the fact that it says unknown owner tells me it might not be verified and have the real PunkBuster's digital signature...very suspicious.

-Can you please organize the running processes by their NAME from A-Z and repost; it will be easier for me to notice potential malware.
 
MD5: b42f06bb21d598a834ae4739a10fd34f
First received: 2009.07.13 05:40:27 UTC
Date: 2009.07.16 09:30:56 UTC [+1D]
Results: 23/41
Permalink: analisis/0b6fd9711b2706d97c1b125a67a5ed11a5339b8b11bb43c62222ab5146c95143-1247736656


File fdhjbl.exe received on 2009.07.16 09:30:56 (UTC)
Current status: finished
Result: 23/41 (56.10%)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.16 Trojan.Win32.Rabbit!IK
AhnLab-V3 5.0.0.2 2009.07.16 -
AntiVir 7.9.0.215 2009.07.16 TR/Dropper.Gen2
Antiy-AVL 2.0.3.7 2009.07.16 Trojan/Win32.Agent.gen
Authentium 5.1.2.4 2009.07.16 W32/Kobcka.B.gen!Eldorado
Avast 4.8.1335.0 2009.07.16 Win32:Wigon-G
AVG 8.5.0.387 2009.07.16 Win32/Heur
BitDefender 7.2 2009.07.16 -
CAT-QuickHeal 10.00 2009.07.16 TrojanDownloader.Agent.ciiv
ClamAV 0.94.1 2009.07.16 -
Comodo 1668 2009.07.16 -
DrWeb 5.0.0.12182 2009.07.16 Trojan.DownLoad.38937
eSafe 7.0.17.0 2009.07.15 Win32.Wigon.Kt
eTrust-Vet 31.6.6617 2009.07.15 -
F-Prot 4.4.4.56 2009.07.16 W32/Kobcka.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.07.16 Trojan-Downloader.Win32.Agent.ciiv
Fortinet 3.120.0.0 2009.07.16 W32/Agent.CIIV!tr.dldr
GData 19 2009.07.16 Win32:Wigon-G
Ikarus T3.1.1.64.0 2009.07.16 Trojan.Win32.Rabbit
Jiangmin 11.0.800 2009.07.16 TrojanDownloader.Agent.bofg
K7AntiVirus 7.10.793 2009.07.15 Trojan-Downloader.Win32.Agent.ciiv
Kaspersky 7.0.0.125 2009.07.16 Trojan-Downloader.Win32.Agent.ciiv
McAfee 5677 2009.07.15 -
McAfee+Artemis 5677 2009.07.15 Artemis!B42F06BB21D5
McAfee-GW-Edition 6.8.5 2009.07.16 Heuristic.LooksLike.Win32.Cutwail.A
Microsoft 1.4803 2009.07.16 TrojanDownloader:Win32/Cutwail.AS
NOD32 4249 2009.07.16 a variant of Win32/Wigon.KT
Norman 6.01.09 2009.07.15 -
nProtect 2009.1.8.0 2009.07.16 -
Panda 10.0.0.14 2009.07.15 -
PCTools 4.4.2.0 2009.07.15 -
Prevx 3.0 2009.07.16 -
Rising 21.38.31.00 2009.07.16 -
Sophos 4.43.0 2009.07.16 -
Sunbelt 3.2.1858.2 2009.07.16 Trojan.Win32.Unidentified.VS
Symantec 1.4.4.12 2009.07.16 -
TheHacker 6.3.4.3.368 2009.07.15 -
TrendMicro 8.950.0.1094 2009.07.16 -
VBA32 3.12.10.8 2009.07.15 -
ViRobot 2009.7.16.1838 2009.07.16 -
VirusBuster 4.6.5.0 2009.07.15 Trojan.DR.Pandex.Gen.13
Additional information
File size: 22627 bytes
MD5 : b42f06bb21d598a834ae4739a10fd34f
SHA1 : ee97e5164ad4ac3879c60e6ee68f6267abaaca62
SHA256: 0b6fd9711b2706d97c1b125a67a5ed11a5339b8b11bb43c62222ab5146c95143
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11E4
timedatestamp.....: 0x4A5A6E2E (Mon Jul 13 01:13:50 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xBBC 0xBC0 6.46 3c6d167c3aee0e59f7d55fa0cdfe3d28
.rdata 0x2000 0x362 0x364 4.88 01ba01f2a0b9619a8df22cfa8c6217e7
.data 0x3000 0xD4 0x8F 3.55 c65aaf09d706efb2b8d98183b762aaca
.rsrc 0x4000 0x4260 0x4263 7.98 e3f83fbc9c8cdcfa2d334d8dc5e3dc3d

( 2 imports )

> kernel32.dll: GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, Sleep, ExitProcess
> user32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CreateDialogParamA, CreateWindowExA, CreateWindowStationA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetTopWindow, GetUserObjectInformationA, MessageBoxA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ssdeep: 384:07oityqnQ7S+tZsJvcoH6oOB0GpFwrPP69DSUAxxaMF8ipnJymmiBZ:0cMu3sJp6AGcrnAm7aMOikmFBZ
PEiD : -
RDS : NSRL Reference Data Set
 
I don't understand, are those results from a scan(s)?

--Can you please organize the running processes from task manager by their NAME from A-Z and repost; it will be easier for me to notice potential malware.
 
That's good, let's continue with the fix.

Step One

First create a batch file to delete a service

Open notepad.

Click start > run and type in:

notepad.exe

Copy and paste the bolded text below into notepad:

@ECHO OFF
sc stop hjgruiyfvxjeao
sc delete hjgruiyfvxjeao
exit


Select "File" then "Save as"
Save to the Desktop and make the File name:

delserv.bat

make sure that the "Save as type" says "All files"

Double click the newly created delserv file on your desktop. A black window should briefly appear.


Step Two

Open notepad.

Click start > run and type in:

notepad.exe

Copy and paste the bolded text below into notepad:

KillAll::

File::
c:\windows\system32\flashd32.dll
C:\vfjmbvbg.exe
C:\WINDOWS\system32\drivers\cbdf3c78.sys

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{38101905-D80F-4788-96F6-986A8186178A}"=-


Save this as a text file with name of:

CFScript

Select "All files" from Save as Type. Save to the desktop.

Now click and drag the CFScript file onto the combofix icon on your desktop.

Post the new combofix log in your next reply.
 
--Can you please organize the running processes from task manager by their NAME from A-Z and repost; it will be easier for me to notice potential malware. As you did in one of the posts above...

-Why are you ignoring me? I need to see them organized by name from A-Z; it will let me notice and see anything fishy.
 
--------[ Processes ]---------------------------------------------------------------------------------------------------

aawservice.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 32-bit 1504 KB 11524 KB
Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe 32-bit 3820 KB 2108 KB
Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe 32-bit 3300 KB 1904 KB
CachemanXP.exe C:\PROGRA~1\CACHEM~1\CachemanXP.exe 32-bit 1520 KB 2232 KB
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 32-bit 4772 KB 1340 KB
devldr32.exe C:\WINDOWS\system32\devldr32.exe 32-bit 3976 KB 2364 KB
egui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe 32-bit 3312 KB 8064 KB
ekrn.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 32-bit 43200 KB 40172 KB
everest.exe C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe 32-bit 24284 KB 21764 KB
Explorer.EXE C:\WINDOWS\Explorer.EXE 32-bit 32792 KB 35556 KB
firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe 32-bit 167 MB 158 MB
frd.exe C:\Program Files\Java\jre6\launch4j-tmp\frd.exe 32-bit 35004 KB 71768 KB
GrooveMonitor.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 32-bit 7252 KB 2748 KB
HDSentinel.exe C:\Program Files\Hard Disk Sentinel\HDSentinel.exe 32-bit 16308 KB 13700 KB
HPWuSchd2.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 32-bit 2904 KB 952 KB
ICQ.exe C:\Program Files\ICQ6.5\ICQ.exe 32-bit 49040 KB 46472 KB
InCDsrv.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 32-bit 5272 KB 2228 KB
ipoint.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe 32-bit 14556 KB 8496 KB
jqs.exe C:\Program Files\Java\jre6\bin\jqs.exe 32-bit 1392 KB 2236 KB
lsass.exe C:\WINDOWS\system32\lsass.exe 32-bit 1604 KB 2800 KB
MaxBlastMonitor.exe C:\Program Files\Seagate\DiscWizard\MaxBlastMonitor.exe 32-bit 2304 KB 1812 KB
MSCamS32.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe 32-bit 2560 KB 760 KB
msmsgs.exe C:\Program Files\Messenger\msmsgs.exe 32-bit 1896 KB 1632 KB
MsnMsgr.Exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 32-bit 59932 KB 40900 KB
PnkBstrA.exe C:\WINDOWS\system32\PnkBstrA.exe 32-bit 2528 KB 1764 KB
regmech.exe C:\Program Files\Registry Mechanic\regmech.exe 32-bit 22500 KB 21872 KB
RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe 32-bit 11840 KB 4972 KB
schedhlp.exe C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe 32-bit 3212 KB 996 KB
schedul2.exe C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe 32-bit 2388 KB 736 KB
SeaPort.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 32-bit 8408 KB 5776 KB
services.exe C:\WINDOWS\system32\services.exe 32-bit 5404 KB 3696 KB
smss.exe C:\WINDOWS\System32\smss.exe 32-bit 416 KB 172 KB
speedfan.exe C:\Program Files\SpeedFan\speedfan.exe 32-bit 11640 KB 6304 KB
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe 32-bit 5876 KB 3920 KB
StarWindService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 32-bit 2140 KB 608 KB
steam.exe C:\program files\steam\steam.exe 32-bit 21712 KB 54396 KB
SUPERAntiSpyware.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 32-bit 804 KB 100 MB
svchost.exe C:\WINDOWS\System32\svchost.exe 32-bit 1924 KB 532 KB
svchost.exe C:\WINDOWS\System32\svchost.exe 32-bit 1884 KB 520 KB
svchost.exe C:\WINDOWS\system32\svchost.exe 32-bit 4060 KB 2328 KB
svchost.exe C:\WINDOWS\System32\svchost.exe 32-bit 2492 KB 1116 KB
svchost.exe C:\WINDOWS\system32\svchost.exe 32-bit 6404 KB 3392 KB
svchost.exe C:\WINDOWS\system32\svchost.exe 32-bit 4788 KB 2884 KB
svchost.exe C:\WINDOWS\System32\svchost.exe 32-bit 36480 KB 20980 KB
svchost.exe C:\WINDOWS\system32\svchost.exe 32-bit 2260 KB 1720 KB
TimounterMonitor.exe C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe 32-bit 6220 KB 6684 KB
TUProgSt.exe C:\WINDOWS\System32\TUProgSt.exe 32-bit 2952 KB 1020 KB
UberIcon Manager.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe 32-bit 4060 KB 1328 KB
UltraMon.exe C:\Program Files\UltraMon\UltraMon.exe 32-bit 4236 KB 3640 KB
UltraMonTaskbar.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe 32-bit 3224 KB 1464 KB
vVX6000.exe C:\WINDOWS\vVX6000.exe 32-bit 4268 KB 1484 KB
WgaTray.exe C:\WINDOWS\system32\WgaTray.exe 32-bit 416 KB 2256 KB
winamp.exe C:\Program Files\Winamp\winamp.exe 32-bit 71068 KB 60396 KB
winlogon.exe C:\WINDOWS\system32\winlogon.exe 32-bit 5016 KB 7296 KB
wlcomm.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe 32-bit 32860 KB 20512 KB
WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe 32-bit 1384 KB 380 KB
WMP54Gv4.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe 32-bit 7720 KB 8188 KB


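The listing above is the kind of thing the thread is sorting through by eye. As an added example (not from the thread or from any tool it mentions), this Python script parses a task-manager style listing, flags names within one edit of a core Windows binary (the "svhost" versus "svchost" confusion discussed here) and core binaries running from anywhere other than System32, and counts instances, since several svchost.exe processes are normal on XP. The sample is an excerpt of the listing above plus one constructed "svhost.exe" line that is not on the page.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpt in the layout of the task-manager listing pasted above, plus one
# constructed "svhost.exe" line that is NOT on the page, added only to exercise the checks.
PROCESS_LIST = r"""
lsass.exe C:\WINDOWS\system32\lsass.exe 32-bit 1604 KB 2800 KB
msmsgs.exe C:\Program Files\Messenger\msmsgs.exe 32-bit 1896 KB 1632 KB
services.exe C:\WINDOWS\system32\services.exe 32-bit 5404 KB 3696 KB
svchost.exe C:\WINDOWS\System32\svchost.exe 32-bit 1924 KB 532 KB
svchost.exe C:\WINDOWS\system32\svchost.exe 32-bit 4060 KB 2328 KB
svhost.exe C:\WINDOWS\svhost.exe 32-bit 2000 KB 1500 KB
winlogon.exe C:\WINDOWS\system32\winlogon.exe 32-bit 5016 KB 7296 KB
"""

# Core Windows XP binaries and the one directory they legitimately run from.
SYSTEM_DIR = r"c:\windows\system32"
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
        "lsass.exe", "svchost.exe", "spoolsv.exe"}

# Layout: name, image path, bitness, two memory figures (names may contain spaces).
LINE_RE = re.compile(r"^(.+?\.exe) (.+\.exe) (?:32|64)-bit \d+ (?:KB|MB) \d+ (?:KB|MB)$", re.I)

def parse_listing(text):
    """Return (name, path) pairs; lines that do not fit the layout are ignored."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2)))
    return rows

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Core binary that `name` is within one edit of, or None (also None if it is one)."""
    low = name.lower()
    if low in CORE:
        return None
    for core in sorted(CORE):
        if edit_distance(low, core) <= 1:
            return core
    return None

def triage(text):
    """Return (findings, instance counts) for a pasted listing."""
    rows = parse_listing(text)
    findings = []
    for name, path in rows:
        twin = lookalike_of(name)
        parent = ntpath.dirname(path).lower()
        if twin:
            findings.append(f"LOOKALIKE {name} (resembles {twin}) at {path}")
        elif name.lower() in CORE and parent != SYSTEM_DIR:
            findings.append(f"UNEXPECTED-PATH {name} at {path}")
    # Several svchost.exe instances are normal; the count is context, not a finding.
    return findings, Counter(name.lower() for name, _ in rows)
```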
 
Thanks, I checked out your processes and it looks pretty clean to me; however, just to be safe, since svhost really looks suspicious to me, just go to this link:
http://www.processlibrary.com/search/?q=svhost
and run the scan to check for svhost-related errors, because everything might be fine but I smell fish from those processes.

-Also services.exe looks fishy,
http://www.processlibrary.com/search/?q=services.exe
-run the scan

-And lastly msmsgs.exe looks like it might be something
http://www.processlibrary.com/search/?q=msmsgs.exe

*Note* in the links I sent you, there might be more than one of the same process listed; run the scan under the one that is colored red, not green.
 
Sorry for the double post, but give me some time and I will take a closer look at those processes and will try to find software for you to get rid of process-related malware. I will stay focused on just the *"running processes and services"*, because I don't really know much about the scripts you and the other poster are doing and other stuff.