Help is appreciated, thanks :p.

Status
Not open for further replies.
R

Requill

New member
DO NOT PLAY PARTYPOKER! ILL EXPLAIN (NOT SURE IF THIS DESERVERS A STICKY)

Result: 1 malware found
Trojan-Downloader.Java.OpenStream.ac (virus)
C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-30e2590-3b158593.zip\OP.class

I can post the whole log but i've used many different scanners all coming up to the same thing.
This happened to me about a year ago, I tried everything and no one had an answer to it, so I reformated. Now that isn't an answer because I have some important files on the computer.
The malware always tries loading something everytime I log on my computer, which i have no clue what it is doing. This all happened about after ONE GAME OF PARTY POKER. This happened from the same game twice, one last year and one yesterday. I know you'll say "Well don't play it again" which I vowed never to play it again but I simply forgot. I think it matches up cause partypoker uses java?

All in all I need some instructions to get rid of these cause no program will and just DONT PLAY PARTYPOKER.
 
Ugh, I need help urgently. If no one wants to whatever.
C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-30e2590-3b158593.zip\OP.class

Is this okay to delete manually?
 
I'm sure the virus has spread since the start of the topic because I've had system control on and another process has tried messing with the system.
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:00 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc11rj0e3c1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dan\Local Settings\Temp\.ttD1.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [lphc11rj0e3c1] C:\WINDOWS\system32\lphc11rj0e3c1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10491 bytes
 
Hello Requill

Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

By replying to your own post you removed yourself from the Zero replies category that our helpers look for to work logs.


We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.

  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.

We do not ask you to do this without reason.


P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
Click to expand...

Go to your Add Remove Programs in the Control Panel and uninstall both Bit Torrent and Bit Comet and then post a new HJT log please
 
I get this error alot, I get new warnings saying i'm very low on local disk memory now, and my screen saver has now been turned into a blue screen.
malcodegk9.png

I don't see any bitcoment program installed and I don't have folder of it, i've removed Bit Torrent, Limewire, ect.

HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:20 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc11rj0e3c1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dan\Local Settings\Temp\.ttD1.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [lphc11rj0e3c1] C:\WINDOWS\system32\lphc11rj0e3c1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10440 bytes
 
Good Morning,

You still have BitComet running :red:

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127
\SearchSettings.dll

O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [lphc11rj0e3c1] C:\WINDOWS\system32\lphc11rj0e3c1.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) G
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) G
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe




Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, uses system resources and basically is not needed for anything. Uninstall PartyPoker also as using these programs sometimes will include malware.




Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.



You need to enable windows to show all files and folders, instructions Here

Delete the files and folders in red

C:\Program Files\BitComet
C:\Program Files\Search Settings
C:\Program Files\Viewpoint

C:\WINDOWS\system32\lphc11rj0e3c1.exe
C:\Documents and Settings\Dan\Local Settings\Temp\.ttD1.tmp






Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a New Hijackthis log.


Post the Malwarebytes log and a new HJT log and let me know if your still getting that message from F Secure
 
Im not sure if my screensaver went back to normal, it turned into a blue screen ever since the virus. But the F-Secure message isn't happening after this, I logged onto like 50 of them.

Malware Bytes Log

Malwarebytes' Anti-Malware 1.25
Database version: 1081
Windows 5.1.2600 Service Pack 2

12:45:20 PM 8/24/2008
mbam-log-08-24-2008 (12-45-16).txt

Scan type: Quick Scan
Objects scanned: 45253
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\blphc11rj0e3c1.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc11rj0e3c1.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\ijjistarter2.exe (Trojan.Agent) -> No action taken.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:43 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe

--
End of file - 9119 bytes
 
Hello,

You need to follow the instructions that I posted, malwarebytes found some nasty stuff and you have it set to TAKE NO ACTION that really did not accomplish much. Have you gone back into Malwarebytes and corrected that?

Per my instructions for Malwarebytes
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
 
Yes, I saw the "TAKE NO ACTION" flaw. Something is wrong with thier logs, I cleaned them. When I posted the log I saw the flaw and rescanned and there was not one infection. Ill post another.
 
No need for the Malwarebytes log right now, your HJT log looks fine but there may be more of this garbage hiding.

Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again afterwards before connecting to the net


2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.
 
How are we looking now?
COMBO FIX LOGComboFix 08-08-23.03 - Dan 2008-08-24 17:16:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.460 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dan\Application Data\.#
C:\Documents and Settings\Dan\Application Data\.#\MBX@908@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@908@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@A9C@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@A9C@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@ADC@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@ADC@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@B08@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@B08@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@BB4@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@BB4@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@DC8@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@DC8@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@EFC@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@EFC@B048F0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@F5C@B048E0.###
C:\Documents and Settings\Dan\Application Data\.#\MBX@F5C@B048F0.###
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\#SharedObjects\ASM2FXSM\interclick.com
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\#SharedObjects\ASM2FXSM\interclick.com\ud.sol
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Dan\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 12:37 . 2008-08-24 12:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 12:37 . 2008-08-24 12:37 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Malwarebytes
2008-08-24 12:37 . 2008-08-24 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 12:37 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 12:37 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 15:41 . 2008-08-23 15:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 16:48 . 2008-08-21 18:12 <DIR> d-------- C:\Program Files\CommView
2008-08-21 16:48 . 2008-06-06 12:54 47,144 --a------ C:\WINDOWS\system32\tsnotify.dll
2008-08-21 16:48 . 2008-06-06 12:54 39,976 --a------ C:\WINDOWS\system32\drivers\tscomm.sys
2008-08-21 16:48 . 2007-06-19 23:35 24,096 --a------ C:\WINDOWS\system32\drivers\ts_lb.sys
2008-08-21 16:48 . 2006-12-07 22:04 19,240 --a------ C:\WINDOWS\system32\drivers\cv2k1.sys
2008-08-21 13:36 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-08-21 13:35 . 2008-08-21 13:36 <DIR> d-------- C:\Program Files\Hide My IP 2008
2008-08-20 03:48 . 2008-08-20 03:48 0 --a------ C:\WINDOWS\system32\330D.tmp
2008-08-20 03:46 . 2008-08-20 03:46 0 --a------ C:\WINDOWS\system32\32D9.tmp
2008-08-19 19:27 . 2008-08-19 19:27 0 --a------ C:\WINDOWS\system32\1BAD.tmp
2008-08-19 19:25 . 2008-08-19 19:25 0 --a------ C:\WINDOWS\system32\1B9D.tmp
2008-08-18 18:08 . 2008-08-18 18:08 0 --a------ C:\WINDOWS\system32\9.tmp
2008-08-18 18:07 . 2008-08-18 18:07 0 --a------ C:\WINDOWS\system32\2.tmp
2008-08-18 18:03 . 2008-08-18 18:03 0 --a------ C:\WINDOWS\system32\17.tmp
2008-08-18 18:01 . 2008-08-18 18:01 0 --a------ C:\WINDOWS\system32\4.tmp
2008-08-16 22:05 . 2008-08-24 17:25 <DIR> d-------- C:\Program Files\Steam
2008-08-03 14:05 . 2008-08-03 14:06 <DIR> d-------- C:\Program Files\Astonia3
2008-07-28 21:45 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-07-28 21:45 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2008-07-27 23:40 . 2008-07-27 23:40 <DIR> d-------- C:\Program Files\dvd43
2008-07-27 23:40 . 2008-07-27 23:40 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-07-27 23:36 . 2008-07-27 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-27 23:35 . 2008-07-28 17:07 <DIR> d-------- C:\Program Files\NCH Software
2008-07-27 23:35 . 2008-07-27 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-27 23:33 . 2008-07-27 23:33 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Search Settings
2008-07-27 23:14 . 2008-07-28 17:10 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-07-27 13:51 . 2008-07-27 14:01 <DIR> d-------- C:\Program Files\MyMobster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-24 07:02 --------- d-----w C:\Program Files\DNA
2008-08-20 18:33 --------- d-----w C:\Program Files\Graal
2008-08-17 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 02:03 --------- d-----w C:\Program Files\Conquer 2.0
2008-08-17 02:03 --------- d-----w C:\Program Files\Cheat Engine
2008-07-28 21:07 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 04:31 --------- d-----w C:\Program Files\DVDneXtCOPY2
2008-07-23 04:31 --------- d-----w C:\Program Files\Common Files\DistributeShield
2008-07-23 04:31 --------- d-----w C:\Program Files\AoA DVD Copy
2008-07-22 16:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-22 15:42 --------- d-----w C:\Documents and Settings\Dan\Application Data\dvdcss
2008-07-22 14:41 --------- d-----w C:\Program Files\Common Files\DVDnextCOPY2
2008-07-21 15:41 --------- d-----w C:\Program Files\Common Files\Astonsoft
2008-07-21 15:41 --------- d-----w C:\Program Files\Astonsoft
2008-07-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Astonsoft
2008-07-21 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-13 04:48 --------- d-----w C:\Program Files\QuickTime
2008-07-11 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-11 18:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 18:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 00:12 0 ----a-w C:\Documents and Settings\Dan\jagex_runescape_preferences.dat
2008-06-24 22:44 --------- d-----w C:\Documents and Settings\Dan\Application Data\LimeWire
2008-06-24 19:20 --------- d-----w C:\Documents and Settings\Dan\Application Data\Azureus
2008-06-24 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-08-16 23:03 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" [2007-11-01 07:42 182936]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2007-11-01 07:42 739936]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 05:15 75520]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00 826880]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 08:21]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2008-02-13 07:14]
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2007-06-19 23:35]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-11-01 07:42]
R3 SecureSrv;SecureSrv;C:\Program Files\Hide My IP 2008\SecureSrv.exe [2008-03-13 15:36]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;C:\WINDOWS\system32\DRIVERS\tscomm.sys [2008-06-06 12:54]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-12-07 22:04]
S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 07:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-11-01 07:42]
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-24 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\CHARTE~1\ANTI-V~1\fsav.exe [2007-11-01 07:42]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://usatoday.com/
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O16 -: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD
C:\WINDOWS\Downloaded Program Files\RSGameLoader.dll

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 17:23:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\securenet.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSLAUNCH.EXE
.
**************************************************************************
.
Completion time: 2008-08-24 17:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 21:35:03

Pre-Run: 1,048,473,600 bytes free
Post-Run: 3,157,749,760 bytes free

209 --- E O F --- 2008-08-19 21:57:45
 
Hi,

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

Code: 
File::
C:\WINDOWS\system32\330D.tmp
C:\WINDOWS\system32\32D9.tmp
C:\WINDOWS\system32\1BAD.tmp
C:\WINDOWS\system32\1B9D.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\4.tmp

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.







Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

Double click gmer.exe to begin:
  • If you get a message about "system modification", click Yes and work through the rest of the instructions.
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them separately.
The Preview option may show the whole logs being posted, but they sometimes get cut down when the actual post is made, so check the post once it is completed.
 
Last edited:
Going to run the gmer.zip right after this
NEW COMBO FIX LOG
ComboFix 08-08-23.03 - Dan 2008-08-24 18:40:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.653 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\1B9D.tmp
C:\WINDOWS\system32\1BAD.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\32D9.tmp
C:\WINDOWS\system32\330D.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\9.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\1B9D.tmp
C:\WINDOWS\system32\1BAD.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\32D9.tmp
C:\WINDOWS\system32\330D.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\9.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 12:37 . 2008-08-24 12:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 12:37 . 2008-08-24 12:37 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Malwarebytes
2008-08-24 12:37 . 2008-08-24 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 12:37 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 12:37 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 15:41 . 2008-08-23 15:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 16:48 . 2008-08-21 18:12 <DIR> d-------- C:\Program Files\CommView
2008-08-21 16:48 . 2008-06-06 12:54 47,144 --a------ C:\WINDOWS\system32\tsnotify.dll
2008-08-21 16:48 . 2008-06-06 12:54 39,976 --a------ C:\WINDOWS\system32\drivers\tscomm.sys
2008-08-21 16:48 . 2007-06-19 23:35 24,096 --a------ C:\WINDOWS\system32\drivers\ts_lb.sys
2008-08-21 16:48 . 2006-12-07 22:04 19,240 --a------ C:\WINDOWS\system32\drivers\cv2k1.sys
2008-08-21 13:36 . 2007-07-11 11:11 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2008-08-21 13:35 . 2008-08-21 13:36 <DIR> d-------- C:\Program Files\Hide My IP 2008
2008-08-16 22:05 . 2008-08-24 17:40 <DIR> d-------- C:\Program Files\Steam
2008-08-03 14:05 . 2008-08-03 14:06 <DIR> d-------- C:\Program Files\Astonia3
2008-07-28 21:45 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-07-28 21:45 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll
2008-07-27 23:40 . 2008-07-27 23:40 <DIR> d-------- C:\Program Files\dvd43
2008-07-27 23:40 . 2008-07-27 23:40 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-07-27 23:36 . 2008-07-27 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-27 23:35 . 2008-07-28 17:07 <DIR> d-------- C:\Program Files\NCH Software
2008-07-27 23:35 . 2008-07-27 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-27 23:33 . 2008-07-27 23:33 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Search Settings
2008-07-27 23:14 . 2008-07-28 17:10 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-07-27 13:51 . 2008-07-27 14:01 <DIR> d-------- C:\Program Files\MyMobster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-24 07:02 --------- d-----w C:\Program Files\DNA
2008-08-20 18:33 --------- d-----w C:\Program Files\Graal
2008-08-17 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 02:03 --------- d-----w C:\Program Files\Conquer 2.0
2008-08-17 02:03 --------- d-----w C:\Program Files\Cheat Engine
2008-07-28 21:07 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 04:31 --------- d-----w C:\Program Files\DVDneXtCOPY2
2008-07-23 04:31 --------- d-----w C:\Program Files\Common Files\DistributeShield
2008-07-23 04:31 --------- d-----w C:\Program Files\AoA DVD Copy
2008-07-22 16:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-22 15:42 --------- d-----w C:\Documents and Settings\Dan\Application Data\dvdcss
2008-07-22 14:41 --------- d-----w C:\Program Files\Common Files\DVDnextCOPY2
2008-07-21 15:41 --------- d-----w C:\Program Files\Common Files\Astonsoft
2008-07-21 15:41 --------- d-----w C:\Program Files\Astonsoft
2008-07-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Astonsoft
2008-07-21 15:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-13 04:48 --------- d-----w C:\Program Files\QuickTime
2008-07-11 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-11 18:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 18:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 00:12 0 ----a-w C:\Documents and Settings\Dan\jagex_runescape_preferences.dat
2008-06-24 22:44 --------- d-----w C:\Documents and Settings\Dan\Application Data\LimeWire
2008-06-24 19:20 --------- d-----w C:\Documents and Settings\Dan\Application Data\Azureus
2008-06-24 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-08-16 23:03 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" [2007-11-01 07:42 182936]
"F-Secure TNB"="C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" [2007-11-01 07:42 739936]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 02:01 135264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 05:15 75520]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-04-09 10:00 826880]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-03-17 08:21]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys [2008-02-13 07:14]
R1 ts_lb;ts_lb;C:\WINDOWS\system32\drivers\ts_lb.sys [2007-06-19 23:35]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-11-01 07:42]
R3 SecureSrv;SecureSrv;C:\Program Files\Hide My IP 2008\SecureSrv.exe [2008-03-13 15:36]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;C:\WINDOWS\system32\DRIVERS\tscomm.sys [2008-06-06 12:54]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [2006-12-07 22:04]
S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 07:42]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-11-01 07:42]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-24 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\CHARTE~1\ANTI-V~1\fsav.exe [2007-11-01 07:42]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 18:44:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\securenet.dll
.
Completion time: 2008-08-24 18:49:10
ComboFix-quarantined-files.txt 2008-08-24 22:48:08
ComboFix2.txt 2008-08-24 21:35:48

Pre-Run: 3,101,601,792 bytes free
Post-Run: 3,141,189,632 bytes free

159 --- E O F --- 2008-08-19 21:57:45
 
GMER LOGGMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-24 19:16:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwCreateProcess [0xF7941740]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwCreateProcessEx [0xF794175A]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwLoadDriver [0xF7940FB2]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwOpenSection [0xF7941266]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwRenameKey [0xF794214E]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwSetSystemInformation [0xF7941160]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwSuspendProcess [0xF79409C6]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwSuspendThread [0xF7940C12]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwSystemDebugControl [0xF7940E8E]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwTerminateProcess [0xF79408AC]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwTerminateThread [0xF7940ADE]
SSDT \??\C:\Program Files\Charter High-Speed Security Suite\HIPS\fshs.sys ZwWriteVirtualMemory [0xF7940D46]

Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [ C6, 09, 94, F7, 12, 0C, 94, ... ]
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip ts_lb.sys (CommView Loopback Driver 2000/XP/2003 (Intel, 32-bit)/TamoSoft)

Device \Driver\Tcpip \Device\Tcp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp ts_lb.sys (CommView Loopback Driver 2000/XP/2003 (Intel, 32-bit)/TamoSoft)

Device \Driver\Tcpip \Device\Udp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp ts_lb.sys (CommView Loopback Driver 2000/XP/2003 (Intel, 32-bit)/TamoSoft)

Device \Driver\Tcpip \Device\RawIp fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp ts_lb.sys (CommView Loopback Driver 2000/XP/2003 (Intel, 32-bit)/TamoSoft)

Device \Driver\Tcpip \Device\IPMULTICAST fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
 
Here you are.
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:27 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSLAUNCH.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe

--
End of file - 8461 bytes
 
Things look good, I had you run GMER to make sure there was not a Rootkit infection present that we may have missed.

GMER <--- Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • CF_Cleanup.png

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



How are things running now ??
 
I removed combofix as directed and i'm going to keep these new programs. ATF cleaned 800MB. I'm very interested by your skills toward identifying the problem through all the clutter and hopefully try to learn a bit for myself from this incident, seems like some really nice skills to have instead of resorting to reformating. Everythings working wonderfully and thanks alot, you rock. :2thumb:
 
Status
Not open for further replies.
Back
Top