Explorer.exe

T

Tony Tucker

New member
Hello, I think there could be something wrong with my computer. When I look at my task manager Explorer.exe is running at about 6% to 8% even when my computer is idle and doing nothing. It did not used to do this. I have noticed however that when I put my CA antivirus on snooze explorer.exe goes back to zero straight away and when I unsnooze it goes up to 6% to 8% again. This is my Hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:39 a.m., on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDDAEDD-5E84-4252-8351-D90A355AEF3A}: NameServer = 202.180.64.10 202.180.64.11
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7378 bytes
 
Sorry this is my Hijack log unword wrapped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:39 a.m., on 16/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDDAEDD-5E84-4252-8351-D90A355AEF3A}: NameServer = 202.180.64.10 202.180.64.11
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7378 bytes
 
Hello Tashi, sorry about that. This is my current up to date HighJack This log as follows.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:15 p.m., on 23/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDDAEDD-5E84-4252-8351-D90A355AEF3A}: NameServer = 202.180.64.10 202.180.64.11
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7349 bytes
 
Hello Tony

Welcome to Safer Networking.

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


Explorer will fluctuate depending on how many programs you have open.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean






Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    post_a4255_MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please
 
Hello Ken, here is my report as follows
Malwarebytes' Anti-Malware 1.41
Database version: 3049
Windows 5.1.2600 Service Pack 3

29/10/2009 12:10:08 p.m.
mbam-log-2009-10-29 (12-10-08).txt

Scan type: Quick Scan
Objects scanned: 102608
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jkkji.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\Mission01.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission02.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission03.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission04.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission05.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission06.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission07.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission08.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission09.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Mission10.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Training01.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Training02.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Training03.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Training04.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Here is my new Hijackthis report as follows

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:52 p.m., on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDDAEDD-5E84-4252-8351-D90A355AEF3A}: NameServer = 202.180.64.10 202.180.64.11
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 7301 bytes
 
Hello,

Do you use these two programs and know them to be safe ?

C:\Program Files\MINDAlink
C:\PROGRA~1\Firebird



The rest of your log looks fine, how are things running now ?
 
Hello Ken, I do not know what that Firebird programme is. My explorer.exe is still running at about 8 to 10% even when the computer is doing nothing. I am wondering if that Firebird programme is a bad thing.
 
Hi,

Open Hijackthis
  • Go to Misc Tools> Open Uninstall Manager.
  • Click on Save List.
  • The list will open in Notepad.
  • Copy and Paste the List into this thread
 
Hello Ken, the following is the uninstall list.
"Faces of War" (Remove Only)
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8
AGEIA PhysX v2.3.3
Baldur's Gate(TM) II - Shadows of Amn(TM)
Battleship 2
BOILING POINT
CA Anti-Virus
Celtic Kings -- Rage of War
Clive Barker's Undying(tm)
Conflict Desert Storm II
DOOM II
Dungeon Lords
Dungeon Lords
DVD Region+CSS Free 5.9.4.0
DVD Solution
ERUNT 1.1j
Evil Islands
GetRight
Ghost Recon
Ghost Recon Advanced Warfighter
Gods - Lands of Infinity
Ground Control II
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Icewind Dale II
Interstate '76 Nitro Pack
Jagged Alliance 2 Gold Pack
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Medal of Honor Allied Assault
Medal of Honor Pacific Assault(tm)
Medal of Honor Pacific Assault(tm) Patch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MINDA Software
Morrowind
Multimedia Launcher
Nero OEM
Neverwinter Nights
NVIDIA Drivers
NVIDIA DVD Decoder
NVIDIA Media Center extensions for DVD
Prince of Persia T2T
Realtek AC'97 Audio
Redline
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
Sound Blaster 5.1
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sudden Strike Gold
Sunbelt Personal Firewall
Supreme Commander Demo
System Requirements Lab
Terracide
TES Construction Set
Tomb Raider: Legend 1.0
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Vibration Joystick
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Zboard (TM) Software
 
Hi,

I don't see an uninstall for Firebird. It appears to be legit. Is this computer one that you have gotten used from someone else.

http://www.file.net/process/fbguard.exe.html



You can go to Start > Run and type in services.msc and enter, then scroll to these two entries, right click on each one and select Properties and set the start up type to Disabled . Ok your way out and see if this made a difference, if it causes issues which it should not you can go back and re enable them

FirebirdGuardianDefaultInstance
FirebirdServerDefaultInstance
 
Hello Ken, I bought my computer brand new. I did disable these two things but then I put them back like they were because when I restarted the computer it said there was an error. Another message came up saying there was something wrong with my Mindalink programme so I suppose this Firebird works together with Mindalink. Are you wanting me to download RegistryBooster and scan my computer with it?
 
Tony,

MINDA Software <--Mindalink and Firebird appear to be linked together, did you install and use this software ?

One thing you don't want to do is run any registry cleaners. Remove the wrong entries and you can make your system inoperable.
 
Hello Ken, yes I was the one that installed and uses Mindalink. I have looked on the internet and found out that there is a "clicktilluwin" thing associated with explorer.exe and I have found this "clicktilluwin" when I searched my registry. I don't know if this means anything or not.
 
Hello Ken, I do not use file sharing programmes. I have downloaded Stopzilla and run the scan but it says I have to register it to remove the things it has found.
 
OK,

Sorry, I thought it was the free version.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Hello Ken, this is my Combofix log as follows
ComboFix 09-11-03.03 - Brian 04/11/2009 23:08.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.549 [GMT 13:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\aabdeg.ini
c:\windows\bedgjl.ini
c:\windows\kb913800.exe
c:\windows\oqprqr.ini
c:\windows\system32\Data
c:\windows\xyybbc.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-02 19:02 . 2009-11-02 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-02 19:02 . 2009-11-02 19:02 -------- d-----w- c:\program files\STOPzilla!
2009-11-02 19:02 . 2009-11-02 19:02 -------- d-----w- c:\program files\Common Files\iS3
2009-11-02 19:02 . 2009-11-04 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-28 22:39 . 2009-10-28 22:39 -------- d-----w- c:\documents and settings\Brian\Application Data\Malwarebytes
2009-10-28 22:38 . 2009-09-10 01:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 22:38 . 2009-10-28 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 22:38 . 2009-10-28 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 22:38 . 2009-09-10 01:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 22:08 . 2009-10-26 22:08 545424 ----a-r- c:\windows\system32\SZComp5.dll
2009-10-26 22:08 . 2009-10-26 22:08 402064 ----a-r- c:\windows\system32\SZBase5.dll
2009-10-26 21:59 . 2009-10-26 21:59 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-10-20 01:40 . 2009-10-20 01:40 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-10-20 01:40 . 2009-10-20 01:40 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-10-20 01:38 . 2009-10-20 01:38 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-10-20 01:37 . 2009-10-20 01:37 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-10-20 01:37 . 2009-10-20 01:37 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-10-20 01:35 . 2009-10-20 01:35 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-10-20 01:35 . 2009-10-20 01:35 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-10-20 01:35 . 2009-10-20 01:35 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-10-20 01:31 . 2009-10-20 01:31 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-10-14 17:29 . 2009-10-14 17:29 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-14 17:29 . 2009-10-14 17:29 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-14 08:34 . 2009-10-28 22:35 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 09:36 . 2006-05-13 20:46 -------- d-----w- c:\program files\GetRight
2009-11-04 09:35 . 2009-11-04 09:35 328 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-03 10:56 . 2009-10-03 10:56 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-03 10:56 . 2009-10-03 10:56 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-10-01 09:00 . 2006-03-08 23:39 1033728 ----a-w- c:\windows\explorer.exe
2009-09-29 07:38 . 2009-09-29 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\POP3Profiles
2009-09-11 14:18 . 2006-03-08 23:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 09:24 . 2007-07-11 09:38 -------- d-----w- c:\program files\Ubisoft
2009-09-11 09:24 . 2006-03-09 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 21:03 . 2006-03-08 23:39 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 10:18 . 2008-07-21 10:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-08-26 08:00 . 2006-03-08 23:40 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-09-04 01:35 . 2006-03-23 21:12 0 ----a-w- c:\program files\ScriptErrors.txt
2004-10-01 23:00 . 2006-03-09 17:17 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2003-08-26 08:22 . 2008-08-19 00:50 3992958 ------w- c:\program files\CDS II.EXE
2003-08-20 09:18 . 2008-08-19 00:51 15805034 ----a-w- c:\program files\training04.dat
2003-08-20 08:04 . 2008-08-19 00:51 22771608 ----a-w- c:\program files\training02.dat
2003-08-20 01:47 . 2008-08-19 00:51 29273392 ----a-w- c:\program files\mission10.dat
2003-08-20 01:45 . 2008-08-19 00:50 10124929 ----a-w- c:\program files\chardata.dat
2003-08-20 01:44 . 2008-08-19 00:51 30075560 ----a-w- c:\program files\mission09.dat
2003-08-20 01:42 . 2008-08-19 00:51 24121273 ----a-w- c:\program files\mission08.dat
2003-08-20 01:40 . 2008-08-19 00:51 26365316 ----a-w- c:\program files\mission07.dat
2003-08-20 01:38 . 2008-08-19 00:51 25956451 ----a-w- c:\program files\mission06.dat
2003-08-20 01:36 . 2008-08-19 00:51 28174672 ----a-w- c:\program files\mission05.dat
2003-08-20 01:34 . 2008-08-19 00:51 22863301 ----a-w- c:\program files\mission04.dat
2003-08-20 01:33 . 2008-08-19 00:51 25251751 ----a-w- c:\program files\mission03.dat
2003-08-20 01:31 . 2008-08-19 00:50 30691944 ----a-w- c:\program files\mission02.dat
2003-08-20 01:29 . 2008-08-19 00:50 29289951 ----a-w- c:\program files\mission01.dat
2003-08-20 01:26 . 2008-08-19 00:51 17224834 ----a-w- c:\program files\training03.dat
2003-08-20 01:22 . 2008-08-19 00:51 16584121 ----a-w- c:\program files\training01.dat
2003-08-20 01:19 . 2008-08-19 00:50 257245 ----a-w- c:\program files\FrontEnd.dat
2003-08-20 01:19 . 2008-08-19 00:51 2447326 ----a-w- c:\program files\catalog.dat
2003-08-20 00:56 . 2008-08-19 00:51 7029197 ----a-w- c:\program files\mission10.sch
2003-08-20 00:55 . 2008-08-19 00:51 8022688 ----a-w- c:\program files\mission09.sch
2003-08-20 00:53 . 2008-08-19 00:51 7867105 ----a-w- c:\program files\mission08.sch
2003-08-20 00:51 . 2008-08-19 00:51 7306518 ----a-w- c:\program files\mission07.sch
2003-08-20 00:49 . 2008-08-19 00:51 7327195 ----a-w- c:\program files\mission06.sch
2003-08-20 00:48 . 2008-08-19 00:51 6482025 ----a-w- c:\program files\mission05.sch
2003-08-20 00:46 . 2008-08-19 00:51 6552978 ----a-w- c:\program files\mission04.sch
2003-08-20 00:45 . 2008-08-19 00:51 10336842 ----a-w- c:\program files\mission03.sch
2003-08-20 00:43 . 2008-08-19 00:51 9970473 ----a-w- c:\program files\mission02.sch
2003-08-20 00:41 . 2008-08-19 00:50 9775822 ----a-w- c:\program files\mission01.sch
2003-08-20 00:37 . 2008-08-19 00:51 11480020 ----a-w- c:\program files\training03.sch
2003-08-20 00:36 . 2008-08-19 00:51 9570464 ----a-w- c:\program files\training02.sch
2003-08-20 00:35 . 2008-08-19 00:51 9482396 ----a-w- c:\program files\training04.sch
2003-08-20 00:33 . 2008-08-19 00:51 11963776 ----a-w- c:\program files\training01.sch
2003-08-20 00:31 . 2008-08-19 00:50 75396 ----a-w- c:\program files\FrontEnd.sch
2003-08-08 05:45 . 2008-08-19 00:50 3686 ----a-w- c:\program files\default.key
2003-03-25 22:56 . 2008-08-19 00:51 357939 ----a-w- c:\program files\binkw32.dll
2002-06-05 12:09 . 2008-02-26 06:09 966016 ----a-w- c:\program files\chitin.key
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mlp_manager"="c:\program files\MINDAlink\mlp_manager.exe" [2006-09-04 2865664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"CAVRID"="c:\program files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2009-10-14 230664]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2006-6-17 2301952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-02 19:14 49152 ----a-w- c:\windows\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/05/2009 2:13 p.m. 61328]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26/04/2007 11:21 a.m. 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26/04/2007 11:21 a.m. 72624]
R2 FirebirdGuardianDefaultInstance;FirebirdGuardianDefaultInstance;c:\progra~1\Firebird\FIREBI~1\Bin\FBGuard.EXE -s --> c:\progra~1\Firebird\FIREBI~1\Bin\FBGuard.EXE -s [?]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26/04/2007 11:21 a.m. 1234480]
R3 FirebirdServerDefaultInstance;FirebirdServerDefaultInstance;c:\progra~1\Firebird\FIREBI~1\Bin\fbserver.exe -s -g --> c:\progra~1\Firebird\FIREBI~1\Bin\fbserver.exe -s -g [?]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/05/2009 2:13 p.m. 61328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: {CFDDAEDD-5E84-4252-8351-D90A355AEF3A} = 202.180.64.10 202.180.64.11
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-PowerBar - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 23:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? st??A~?????????????????'??????????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-823518204-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-11-04 23:19
ComboFix-quarantined-files.txt 2009-11-04 10:19

Pre-Run: 96,723,955,712 bytes free
Post-Run: 96,720,281,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Here is my Highjackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:04 p.m., on 04/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MINDAlink\mlp_manager.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mlp_manager] C:\Program Files\MINDAlink\mlp_manager.exe
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.playtech.co.nz
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FirebirdGuardianDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\FBGuard.EXE
O23 - Service: FirebirdServerDefaultInstance - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\Bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 6536 bytes
 
Hi,

You can go ahead and uninstall Stopzilla via Add Remove programs in the Control Panel

You need to enable windows to show all files and folders, instructions Here


Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

c:\windows\system32\drivers\is3srv.sys <--This file



Logs look good, how are things running now ???
 
You must log in or register to reply here.
Back
Top