• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

help kind sirs

I

iamtony

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:06 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\tony\LOCALS~1\Temp\2466243390.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
O2 - BHO: C:\WINDOWS\system32\yhs783ijfo3fe.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\tony\LOCALS~1\Temp\995149640.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Unknown owner - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10463 bytes



I have run spybot and computer scan on eset nod antivirus multiple times.
On spybot fraud xpantivirus and pws.ldpinchie keep reappearing and theres probably some other stuff that lurks as well:sick:

I am willing to remove whatever and do whatever it takes. Look forward to working with you and thanks
 
Hi iamtony

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review along with a fresh HijackThis log.
 
ComboFix 09-04-29.03 - tony 04/30/2009 2:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.295 [GMT -5:00]
Running from: c:\documents and settings\tony\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 132 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tony\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\tony\Application Data\inst.exe
c:\documents and settings\tony\protect.dll
c:\windows\IE4 Error Log.txt
c:\windows\system32\ahtn.htm
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\bivdfvk.dll
c:\windows\system32\loader49.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\p2hhr.bat
c:\windows\system32\win32hlp.cnf
c:\windows\TEMP\NOD47.tmp

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFC
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-29 04:46 . 2009-04-29 04:46 -------- d-----w c:\program files\Trend Micro
2009-04-25 20:16 . 2009-04-25 21:16 3532 ----a-w C:\drmHeader.bin
2009-04-07 02:37 . 2009-04-07 02:37 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-07 02:36 . 2009-04-07 02:37 -------- d-----w c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 07:20 . 2009-04-30 07:20 24064 --sha-w c:\documents and settings\LocalService\protect.dll
2009-04-30 07:20 . 2009-04-30 07:20 24064 --sha-w c:\windows\system32\config\systemprofile\protect.dll
2009-04-30 07:20 . 2009-04-30 07:19 27648 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-28 17:32 . 2004-08-04 12:00 104960 ----a-w c:\windows\system32\userinit.exe
2009-04-27 05:55 . 2006-12-27 23:33 -------- d-----w c:\program files\DVDFab Platinum
2009-04-27 05:11 . 2007-12-07 07:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 06:16 . 2009-03-27 06:16 -------- d-----w c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

[-] 2009-04-28 17:32 104960 7A18B8DE4B1BF4ABD43A71C583CC846D c:\windows\system32\userinit.exe
[-] 2009-04-28 17:32 104960 7A18B8DE4B1BF4ABD43A71C583CC846D c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"autochk"="c:\docume~1\tony\protect.dll" [2009-04-30 24064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-29 144792]
"autochk"="c:\windows\system32\autochk.dll" [2009-04-30 24064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"="c:\docume~1\LOCALS~1\protect.dll" [2009-04-30 24064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]

c:\documents and settings\tony\Start Menu\Programs\Startup\
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"P2kAutostart"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AutoProfileRepair"="c:\program files\Oracle\Outlook Connector\profilerepair.exe" -msi
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\tennis\\vtennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14951:TCP"= 14951:TCP:BitComet 14951 TCP
"14951:UDP"= 14951:UDP:BitComet 14951 UDP
"62515:UDP"= 62515:UDP:Cisco VPN Service

R2 ocautoupds;Oracle Connector Automatic Updates Service; [x]
R3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-26 8672]
R3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-04 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S0 uiplehef;uiplehef; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bf5c08-5659-11db-b52e-00c09fc24045}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0fa4b7c-457c-11dd-b9cf-0014a5111eb3}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca70f442-5b28-11db-b545-00c09fc24045}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PortableVaultAES.exe
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - c:\windows\system32\dbnmpnt.dll
HKLM-Run-NetscapeClient - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
IE: Show Original Image - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 02:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxayinuefk.sys 81408 bytes executable
c:\windows\system32\ovfsthxcsafnrhy.dll 18432 bytes executable
c:\windows\system32\ovfsthxlbkewysb.dll 59904 bytes executable
c:\windows\system32\ovfsthxncabbpbx.dat 43 bytes
c:\windows\system32\ovfsthxnuwqomdr.dat 580287 bytes
c:\windows\system32\ovfsthxxaqdjyvq.dll 18432 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.332765.bak 53080 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.337125.bak 1712984 bytes executable

scan completed successfully
hidden files: 8

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7140)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\autochk.dll
c:\windows\TEMP\msb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-04-30 2:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 07:28

Pre-Run: 16,044,265,472 bytes free
Post-Run: 15,982,686,208 bytes free

219 --- E O F --- 2008-01-22 22:22




I hope it wasn't a problem that after the program rebooted my computer, ESET was turned back on but combofix caught that and told me to turn it back off before it continued.

One odd thing though that I'll probably just shrug off after restarting is my entire taskbar is missing after completion but I was lucky enough to be able to open up a program from my task manager!

Thanks Shaba
 
apologies forgot the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:15 AM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Unknown owner - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10260 bytes
 
Please install recovery console as instructed in link, rerun combofix and post back fresh combofix log.
 
ComboFix 09-04-29.03 - tony 04/30/2009 12:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.298 [GMT -5:00]
Running from: c:\documents and settings\tony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tony\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\protect.dll
c:\documents and settings\tony\protect.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\win32hlp.cnf
c:\windows\TEMP\NOD20.tmp

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 17:49 . 2009-04-30 17:49 531 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-29 04:46 . 2009-04-29 04:46 -------- d-----w c:\program files\Trend Micro
2009-04-25 20:16 . 2009-04-25 21:16 3532 ----a-w C:\drmHeader.bin
2009-04-07 02:37 . 2009-04-07 02:37 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-07 02:36 . 2009-04-07 02:37 -------- d-----w c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 05:55 . 2006-12-27 23:33 -------- d-----w c:\program files\DVDFab Platinum
2009-04-27 05:11 . 2007-12-07 07:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 06:16 . 2009-03-27 06:16 -------- d-----w c:\program files\Windows Media Connect 2
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_07.21.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-30 07:19 . 2009-04-30 07:19 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
+ 2009-04-30 17:48 . 2009-04-30 17:48 16384 c:\windows\Temp\Perflib_Perfdata_71c.dat
+ 2005-05-26 09:16 . 2008-10-16 19:09 43544 c:\windows\system32\wups2.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\userinit.exe
+ 2009-04-30 07:24 . 2008-10-16 19:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-04-30 07:24 . 2008-10-16 19:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\userinit.exe
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-10-07 17:40 . 2009-04-30 17:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-04-30 17:47 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-04-30 17:47 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\cdm.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\wuaueng.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAFA9088-EB9F-450B-8A85-C47FB47B1E24}]
c:\windows\system32\dbnmpnt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-29 144792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]

c:\documents and settings\tony\Start Menu\Programs\Startup\
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"P2kAutostart"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AutoProfileRepair"="c:\program files\Oracle\Outlook Connector\profilerepair.exe" -msi
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\tennis\\vtennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14951:TCP"= 14951:TCP:BitComet 14951 TCP
"14951:UDP"= 14951:UDP:BitComet 14951 UDP
"62515:UDP"= 62515:UDP:Cisco VPN Service

R2 ocautoupds;Oracle Connector Automatic Updates Service; [x]
R3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-26 8672]
R3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-04 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S0 uiplehef;uiplehef; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bf5c08-5659-11db-b52e-00c09fc24045}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0fa4b7c-457c-11dd-b9cf-0014a5111eb3}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca70f442-5b28-11db-b545-00c09fc24045}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PortableVaultAES.exe
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-autochk - c:\windows\system32\autochk.dll
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
IE: Show Original Image - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 12:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxayinuefk.sys 81408 bytes executable
c:\windows\system32\ovfsthxcsafnrhy.dll 18432 bytes executable
c:\windows\system32\ovfsthxlbkewysb.dll 59904 bytes executable
c:\windows\system32\ovfsthxncabbpbx.dat 43 bytes
c:\windows\system32\ovfsthxnuwqomdr.dat 587719 bytes
c:\windows\system32\ovfsthxxaqdjyvq.dll 18432 bytes executable
c:\windows\system32\lmppcsetup.exe 531 bytes

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4656)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-04-30 12:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 17:55
ComboFix2.txt 2009-04-30 07:29

Pre-Run: 16,010,264,576 bytes free
Post-Run: 16,006,688,768 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2008-01-22 22:22


_____________________________________________________

Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:09 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Unknown owner - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9828 bytes


thanks
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
Adobe Acrobat 8.1.1 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bazooka Scanner
BearShare Pro 5.3.0.0
BitPim 1.0.5
BroadJump Client Foundation
Brother MFL-Pro Suite
Camtasia Studio 4
Conexant AC-Link Audio
ConvertXtoDVD 2.2.3.258
Data Fax SoftModem with SmartCP
DivX Codec
DivX Player
DVDFab Platinum 2.9.8.3
ESET NOD32 Antivirus
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTube 1.0
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LG USB Drivers
LG USB Modem driver
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Maxtor Manager
Maxtor Manager
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Driver Installation
Motorola Software Update
Mozilla Firefox (3.0.9)
MSN Music Assistant
MSN Winks
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
MVision
Nero 6 Ultra Edition
Oracle Connector for Outlook
Picasa 3
PowerDVD
Quick Launch Buttons 5.10 B5
QuickTime
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tansee iPod Transfer v3.8
UMVPLStandalone
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
VobSub v2.23 (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
Yahoo! Install Manager
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

lBearShare Pro 5.3.0.0
uTorrent


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall log scan when finished and post the log back here.
 
no problem here you go.

Adobe Acrobat 8.1.1 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Shockwave Player
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bazooka Scanner
BitPim 1.0.5
BroadJump Client Foundation
Brother MFL-Pro Suite
Camtasia Studio 4
Conexant AC-Link Audio
ConvertXtoDVD 2.2.3.258
Data Fax SoftModem with SmartCP
DivX Codec
DivX Player
DVDFab Platinum 2.9.8.3
ESET NOD32 Antivirus
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTube 1.0
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LG USB Drivers
LG USB Modem driver
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Maxtor Manager
Maxtor Manager
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Driver Installation
Motorola Software Update
Mozilla Firefox (3.0.9)
MSN Music Assistant
MSN Winks
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
MVision
Nero 6 Ultra Edition
Oracle Connector for Outlook
Picasa 3
PowerDVD
Quick Launch Buttons 5.10 B5
QuickTime
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tansee iPod Transfer v3.8
UMVPLStandalone
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6c
VobSub v2.23 (Remove Only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinRAR archiver
Yahoo! Install Manager
 
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk 
c:\documents and settings\tony\Start Menu\Programs\Startup\ChkDisk.lnk 

Folder::
c:\Program Files\BearShare Pro
c:\Program Files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14951:TCP"=-
"14951:UDP"=-
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
ComboFix 09-04-29.03 - tony 05/01/2009 8:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.185 [GMT -5:00]
Running from: c:\documents and settings\tony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tony\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

FILE ::
c:\documents and settings\tony\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\tony\Start Menu\Programs\Startup\ChkDisk.lnk
c:\program files\BearShare Pro
c:\program files\BearShare Pro\Logs\console.txt
c:\program files\BearShare Pro\Temp\4252A9A.tmp
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk

.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-5-1 )))))))))))))))))))))))))))))))
.

2009-04-29 04:46 . 2009-04-29 04:46 -------- d-----w c:\program files\Trend Micro
2009-04-25 20:16 . 2009-04-25 21:16 3532 ----a-w C:\drmHeader.bin
2009-04-07 02:37 . 2009-04-07 02:37 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-07 02:36 . 2009-04-07 02:37 -------- d-----w c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 05:55 . 2006-12-27 23:33 -------- d-----w c:\program files\DVDFab Platinum
2009-04-27 05:11 . 2007-12-07 07:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 06:16 . 2009-03-27 06:16 -------- d-----w c:\program files\Windows Media Connect 2
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_07.21.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-30 19:00 . 2009-04-30 19:00 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2005-05-26 09:16 . 2008-10-16 19:09 43544 c:\windows\system32\wups2.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\userinit.exe
+ 2009-04-30 07:24 . 2008-10-16 19:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-04-30 07:24 . 2008-10-16 19:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\userinit.exe
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-10-07 17:40 . 2009-05-01 06:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-05-01 06:54 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-05-01 06:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\cdm.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\wuaueng.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAFA9088-EB9F-450B-8A85-C47FB47B1E24}]
c:\windows\system32\dbnmpnt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-29 144792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"P2kAutostart"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AutoProfileRepair"="c:\program files\Oracle\Outlook Connector\profilerepair.exe" -msi
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\tennis\\vtennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service

R2 ocautoupds;Oracle Connector Automatic Updates Service; [x]
R3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-26 8672]
R3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-04 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S0 uiplehef;uiplehef; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bf5c08-5659-11db-b52e-00c09fc24045}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0fa4b7c-457c-11dd-b9cf-0014a5111eb3}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca70f442-5b28-11db-b545-00c09fc24045}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PortableVaultAES.exe
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
IE: Show Original Image - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 08:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\ovfsthxayinuefk.sys 81408 bytes executable
c:\windows\system32\ovfsthxcsafnrhy.dll 18432 bytes executable
c:\windows\system32\ovfsthxlbkewysb.dll 59904 bytes executable
c:\windows\system32\ovfsthxncabbpbx.dat 43 bytes
c:\windows\system32\ovfsthxnuwqomdr.dat 610110 bytes
c:\windows\system32\ovfsthxxaqdjyvq.dll 18432 bytes executable


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-01 8:20
ComboFix-quarantined-files.txt 2009-05-01 13:19
ComboFix2.txt 2009-04-30 17:56
ComboFix3.txt 2009-04-30 07:29

Pre-Run: 16,027,463,680 bytes free
Post-Run: 16,037,933,056 bytes free

191 --- E O F --- 2008-01-22 22:22
 
And second round against rootkits:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    Rootkit::
c:\windows\system32\drivers\ovfsthxayinuefk.sys
c:\windows\system32\ovfsthxcsafnrhy.dll 
c:\windows\system32\ovfsthxlbkewysb.dll 
c:\windows\system32\ovfsthxncabbpbx.dat 
c:\windows\system32\ovfsthxnuwqomdr.dat 
c:\windows\system32\ovfsthxxaqdjyvq.dll
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
ComboFix 09-04-29.03 - tony 05/01/2009 8:34.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.167 [GMT -5:00]
Running from: c:\documents and settings\tony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tony\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ovfsthxayinuefk.sys
c:\windows\system32\ovfsthxcsafnrhy.dll
c:\windows\system32\ovfsthxlbkewysb.dll
c:\windows\system32\ovfsthxncabbpbx.dat
c:\windows\system32\ovfsthxnuwqomdr.dat
c:\windows\system32\ovfsthxxaqdjyvq.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-5-1 )))))))))))))))))))))))))))))))
.

2009-04-29 04:46 . 2009-04-29 04:46 -------- d-----w c:\program files\Trend Micro
2009-04-25 20:16 . 2009-04-25 21:16 3532 ----a-w C:\drmHeader.bin
2009-04-07 02:37 . 2009-04-07 02:37 -------- d-----w c:\windows\system32\IOSUBSYS
2009-04-07 02:36 . 2009-04-07 02:37 -------- d-----w c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 05:55 . 2006-12-27 23:33 -------- d-----w c:\program files\DVDFab Platinum
2009-04-27 05:11 . 2007-12-07 07:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 06:16 . 2009-03-27 06:16 -------- d-----w c:\program files\Windows Media Connect 2
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_07.21.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 13:38 . 2009-05-01 13:38 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2005-05-26 09:16 . 2008-10-16 19:09 43544 c:\windows\system32\wups2.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\userinit.exe
+ 2009-04-30 07:24 . 2008-10-16 19:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-04-30 07:24 . 2008-10-16 19:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2006-10-07 17:32 . 2008-10-16 19:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\userinit.exe
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-10-07 17:40 . 2009-05-01 06:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-05-01 06:54 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-07 17:40 . 2009-05-01 06:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-07 17:40 . 2009-04-30 07:19 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-04 12:00 . 2008-10-16 19:09 92696 c:\windows\system32\cdm.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-10-07 17:32 . 2008-10-16 19:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\wuaueng.dll
+ 2006-10-07 17:32 . 2008-10-16 19:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAFA9088-EB9F-450B-8A85-C47FB47B1E24}]
c:\windows\system32\dbnmpnt.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 86105]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-29 144792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"P2kAutostart"=
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AutoProfileRepair"="c:\program files\Oracle\Outlook Connector\profilerepair.exe" -msi
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\tennis\\vtennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service

R2 ocautoupds;Oracle Connector Automatic Updates Service; [x]
R3 axvdkbus;axvdkbus;c:\windows\system32\DRIVERS\axvdkbus.sys [2003-02-26 8672]
R3 axvodka;axvodka;c:\windows\system32\DRIVERS\axvodka.sys [2003-02-27 102272]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-06-18 17920]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-05-04 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
S0 uiplehef;uiplehef; [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63bf5c08-5659-11db-b52e-00c09fc24045}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0fa4b7c-457c-11dd-b9cf-0014a5111eb3}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca70f442-5b28-11db-b545-00c09fc24045}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PortableVaultAES.exe
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - E:\portablevaultaes.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5400
uInternet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Show All Original Images - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
IE: Show Original Image - c:\program files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\tony\Application Data\Mozilla\Firefox\Profiles\zrrmcc96.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 08:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5324)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-05-01 8:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 13:46
ComboFix2.txt 2009-05-01 13:20
ComboFix3.txt 2009-04-30 17:56
ComboFix4.txt 2009-04-30 07:29

Pre-Run: 16,072,617,984 bytes free
Post-Run: 16,068,509,696 bytes free

207 --- E O F --- 2008-01-22 22:22
 
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 1, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 01, 2009 14:52:27
Records in database: 2117868
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 57849
Threat name: 5
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 02:19:43


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01F80000\47F94400.VBN Infected: Packed.JS.Agent.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01F80003\47F94590.VBN Infected: Trojan-Downloader.JS.Zapchast.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01F80004\47F9459A.VBN Infected: Packed.JS.Agent.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A080000\4F7B3099.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A080001\4F7B30F1.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A080002\4F7B30FF.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D6C0000\4F6F0082.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D6C0001\4F6F00A7.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D6C0002\4F6F00AD.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E540000\4F759267.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1C440000\5F6F0365.VBN Infected: Backdoor.Win32.Rbot.bmo 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\Documents and Settings\tony\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\autochk.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\loader49.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.vrqz 1
C:\Qoobox\Quarantine\C\WINDOWS\Temp\NOD20.tmp.vir Infected: Trojan-Spy.Win32.Agent.amjg 1

The selected area was scanned.
____________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:20 AM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Unknown owner - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9743 bytes


Once again thanks for all the help.
 
Empty these folders:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\
C:\Qoobox\Quarantine\

Empty Recycle Bin.

Still problems?
 
Sigh* unfortunately yes:sad:

I thought I got rid of it before I posted this thread and ran spybot but spyware protect 2009 is in my taskbar on the bottom right and while I was searching through my windows explorer to delete the items you told me too it keeps forcing my browser open with dumb pages about infections and whatnot.

Just in case this is what you want next here is my new hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:34 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;127.0.0.1:5400;update.microsoft.com;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;*mcafee.com;*.mapquest.com;*.phobos.apple.com;update.adobe.com;admin.isp.netscape.com;localhost;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\nsaccel.exe/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Oracle Connector Automatic Updates Service (ocautoupds) - Unknown owner - C:\Program Files\Oracle\Outlook Connector\ocautoupds.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10099 bytes
 
Open HijackThis, click do a system scan only and checkmark these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (unless you have set it)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400 (unless you have set it)
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: (no name) - {CAFA9088-EB9F-450B-8A85-C47FB47B1E24} - C:\WINDOWS\system32\dbnmpnt.dll (file missing)
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe

Close all windows including browser and press fix checked.

Reboot.

Delete these if exist:

C:\WINDOWS\system32\iehelper.dll
C:\WINDOWS\sysguard.exe

Empty Recycle Bin.

Post back a fresh HijackThis log and tell me if you have any issues left?
 
As of right now, no! Hopefully we are done but I will report back most likely tomorrow after using my computer for a period of time.

While I was searching though I found this and was wondering if I should leave it alone: SYSGUARD.EXE-39D8A190.pf, which was under a folder called Prefetch.

It may be a dumb question but is it okay to run and install my microsoft updates? I didn't want to mess around with anything until we were done but then again these are updates from my OS.
 
You must log in or register to reply here.
Back
Top