
So I had the frmwrk32.exe (or whatever it was called) virus, and I was searching around the forums for solutions. I deleted it (I believe) along with the Viewpoint Media Player. However, once I restarted, my Task Manager was disabled and my computer seemed to be even worse off. I managed to do a web search on how to manually re-enable my Task Manager, and I followed all the steps that DaniWeb asks people to do first, and I think everything seems to be working okay after another restart. But I'd love to hear your opinions on the health of my computer.

My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:00 PM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [jiropefale] Rundll32.exe "C:\WINDOWS\system32\honumopi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jiropefale] Rundll32.exe "C:\WINDOWS\system32\honumopi.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 5924 bytes

My HijackThis uninstall list:
AC3Filter (remove only)
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ASUS Probe V2.23.04
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Avanquest update
AviSynth 2.5
BitTorrent 5.0.7
Bonjour
Catalyst Control Center - Branding
Day of Defeat: Source
DivX
DivX ;-) Audio Compressor 4.02
DivX Content Uploader
DivX Player
DivX Web Player
EPSON CardMonitor
EPSON Copy Utility 3
EPSON CX4600 Reference Guide
EPSON PhotoStarter3.2
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
FLV Player 2.0 (build 25)
Free Video to Mp3 Converter version 3.1
Gimp 2.6.1
GOM Player
GSpot Codec Information Appliance
Hamachi 1.0.3.0
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
IGN Download Manager 2.1.1
Intel(R) PRO Network Adapters and Drivers
InterActual Player
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iPodRip
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Lavasoft Reghance 2.1 -licensed-
Left 4 Dead
LimeWire 4.12.6
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Motorola Phone Tools
Mozilla Firefox (2.0.0.20)
Mpeg Layer3 Codec FHG-Radium v1.263
Nero 7 Demo
QuickTime
ScanToWeb
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Smart FLV Converter 3.3
SoulSeek Client 156c
SoundMAX
Steam(TM)
System Requirements Lab
Tribes 2
Trixie
UltraEdit-32
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Ventrilo Client
Videora iPod Converter 0.91
VirtualCloneDrive
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
World of Warcraft FREE Trial
Zombie Panic! 1.0
ZoneAlarm Pro
___
Trixie.exe: I have no idea what that is, but whenever I try to uninstall it, the window freezes. I also don't know what Avanquest update is.

And here is my MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1889
Windows 5.1.2600 Service Pack 2

3/23/2009 2:00:02 PM
mbam-log-2009-03-23 (14-00-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140429
Time elapsed: 1 hour(s), 3 minute(s), 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 14
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\tefuzagi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\munijuri.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vokeloso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\honumopi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mazimiru.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00A46E4.dat (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2e0fb17-488f-40be-bff9-450f433e5f23} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2e0fb17-488f-40be-bff9-450f433e5f23} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2e0fb17-488f-40be-bff9-450f433e5f23} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a46e4 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Rootkit.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\seneka (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0c47e7d (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jiropefale (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma3f74de1 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wliga (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vokeloso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vokeloso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mazimiru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mazimiru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mazimiru.dll -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tefuzagi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\igazufet.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\honumopi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vokeloso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\munijuri.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mazimiru.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\__c00A46E4.dat (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Bobby Wong\Local Settings\Temp\wxosceanrm.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby Wong\Local Settings\Temp\Temporary Internet Files\Content.IE5\NFZH9YI6\SpywareRemover2009_Installer_Dual_br1_en[1].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby Wong\Local Settings\Temp\Temporary Internet Files\Content.IE5\NFZH9YI6\SpywareRemover2009_Installer_Dual_br1_en[2].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby Wong\Local Settings\Temp\Temporary Internet Files\Content.IE5\NFZH9YI6\SpywareRemover2009_Installer_Dual_br1_en[3].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bobby Wong\Local Settings\Temp\Temporary Internet Files\Content.IE5\NFZH9YI6\SpywareRemover2009_Installer_Dual_br1_en[4].exe (Rogue.SpywareRemover) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090323-122852-273.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gldx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jatipife.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\besehevi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dimadadu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\halaneho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekapfritett.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\senekaqmfwairk.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuzaduzi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekaqvpktkor.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\amoqovaru.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\998.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekabxenipjw.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekacgrojyvv.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalyxmplto.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Any response will be much appreciated, and thank you so much in advance!
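The MBAM log above is a useful triage artifact on its own: every entry names the object, the detection family, and whether it was removed on the spot or is still scheduled for "Delete on reboot", and the registry paths tell you which persistence mechanism each component used (AppInit_DLLs, Winlogon Notify, LSA Notification Packages, SSODL, SharedTaskScheduler, Run keys, a service/driver, Security Center tampering). The script below is an added example written for this page, not code from the original poster, Malwarebytes or DaniWeb. It parses the Malwarebytes 1.x log format, maps each item to the mechanism it abused, and lists what still survives until the next reboot. The sample log embedded in it is constructed in the same format as the posted log (a handful of representative lines, not the full log), and the mechanism labels are this example's own mapping.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.x log format used in the post above
# (a few representative lines modelled on the posted log, not the full log).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\honumopi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a46e4 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Rootkit.Trace) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jiropefale (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vokeloso.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mazimiru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Registry path fragments -> persistence mechanism. Ordered: first match wins.
# This mapping is the example's own; it is not part of the MBAM log format.
MECHANISMS = [
    (r"\windows\appinit_dlls", "AppInit_DLLs (injected into every user32.dll process)"),
    (r"\winlogon\notify", "Winlogon notification package (loaded by winlogon)"),
    (r"\lsa\notification packages", "LSA notification package (loaded by lsass)"),
    (r"\shellserviceobjectdelayload", "SSODL object (loaded by Explorer)"),
    (r"\explorer\sharedtaskscheduler", "SharedTaskScheduler object (loaded by Explorer)"),
    (r"\browser helper objects", "IE Browser Helper Object"),
    (r"\currentversion\run", "Run key autostart"),
    (r"\currentcontrolset\services", "service or kernel driver"),
    (r"\security center", "Security Center notification tampering"),
    (r"\policies", "policy restriction (UI lockout)"),
]

# "<item> (<family>) -> <rest>", where <rest> may itself contain "Data: ... -> <action>".
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"Data: (?P<data>.+?) -> ")


def classify(item):
    """Map a log item (file path or registry path) to the mechanism it abused."""
    if re.match(r"[a-z]:\\", item, re.IGNORECASE):
        return "file on disk"
    low = item.lower()
    for needle, label in MECHANISMS:
        if needle in low:
            return label
    return "other registry object"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if not m:                       # summary counts, "(No malicious items detected)", etc.
            continue
        rest = m.group("rest")
        d = DATA_RE.search(rest)
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "mechanism": classify(m.group("item")),
            "data": d.group("data") if d else None,
            "action": rest.rsplit(" -> ", 1)[-1].rstrip("."),
        })
    return entries


def pending_reboot(entries):
    """Items MBAM could not remove while they were in use; they persist until reboot."""
    return [e["item"] for e in entries if e["action"] == "Delete on reboot"]


def mechanism_summary(entries):
    return Counter(e["mechanism"] for e in entries)


if __name__ == "__main__":
    ents = parse_mbam_log(SAMPLE_LOG)
    for mech, n in mechanism_summary(ents).most_common():
        print(f"{n:2d}  {mech}")
    print("\nStill present until reboot:")
    for item in pending_reboot(ents):
        print("  ", item)
```

Run it against a saved mbam-log-*.txt by replacing SAMPLE_LOG with the file contents. The two outputs are the ones worth checking before declaring a machine clean: the mechanism summary shows how many separate load points the infection held (a DLL in AppInit_DLLs or LSA Notification Packages is loaded into every process or into lsass, which is why a second scan often finds the same family again), and the pending list shows exactly which objects are still on disk and in memory until the reboot MBAM asked for.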

3 Contributors, 4 Replies, 5 Views, 8 Years Discussion Span, Last Post by rivaladversary

You still have an infection in your system, because I believe you did not reboot right after you exited MBAM, and some files that were in use did not get deleted yet.
Secondly, I see you have more than two P2P programs running on your system. I suggest you uninstall them, at least for now.

Go to the following site:

http://www.combofix.org/download.php

and download ComboFix to your desktop. Make sure that you rename it on the fly (when your browser asks you where to download it, choose Desktop and rename it to soft.exe).

DO NOT touch your keyboard or mouse during its scan, and be very sure to exit every security program that you have on your system.

Post its log here, as well as a fresh HijackThis log.


Thanks for helping. For some reason I can't find the uninstaller for BitTorrent, but I doubt that's the case.

Here's the ComboFix log:

FW: ZoneAlarm Pro Firewall *enabled*
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\1000.exe
c:\windows\system32\drivers\senekabqaqgixe.sys
c:\windows\system32\iehelper.dll
c:\windows\system32\mcenspc.dll
c:\windows\system32\uniq.tll
c:\windows\Xtoyevam.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-26 19:25 . 2009-03-26 19:25 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-26 19:12 . 2009-03-26 19:12 61,440 --a------ c:\windows\system32\drivers\enot.sys
2009-03-26 19:07 . 2009-03-26 19:07 61,440 --a------ c:\windows\system32\drivers\egfugm.sys
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 19:06 . 2009-03-26 19:06 61,440 --a------ c:\windows\system32\drivers\thqnm.sys
2009-03-26 17:31 . 2009-03-26 17:31 <DIR> d-------- c:\documents and settings\BW\Application Data\vlc
2009-03-26 17:30 . 2009-03-26 17:30 <DIR> d-------- c:\program files\VideoLAN
2009-03-23 13:14 . 2009-03-23 13:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\documents and settings\BW\Application Data\Malwarebytes
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-23 11:33 . 2009-03-23 11:33 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Talkback
2009-03-23 10:04 . 2009-03-23 10:04 <DIR> d-------- c:\program files\Trend Micro
2009-03-21 00:20 . 2009-03-21 00:20 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-21 00:05 . 2009-03-21 00:05 42,496 --a------ c:\windows\system32\kuzSniper.exe
2009-03-20 23:49 . 2009-03-20 23:49 <DIR> d-------- c:\documents and settings\BW\Application Data\GRETECH
2009-03-20 23:48 . 2009-03-20 23:48 <DIR> d-------- c:\program files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 23:45 --------- d-----w c:\documents and settings\BW\Application Data\BitTorrent
2009-03-26 17:08 --------- d-----w c:\program files\Steam
2009-03-25 17:34 108,020 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_25_02_13_29_small.dmp.zip
2009-03-23 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-23 19:02 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-23 17:57 79,872 --sha-w c:\windows\system32\vonibusa.dll
2009-03-23 16:57 79,872 --sha-w c:\windows\system32\nazehupo.dll
2009-03-23 00:09 79,872 --sha-w c:\windows\system32\kalomawu.dll
2009-03-21 08:37 127,488 ----a-w c:\windows\Internet Logs\xDB76.tmp
2009-03-19 09:41 492,544 ----a-w c:\windows\Internet Logs\xDB75.tmp
2009-03-16 21:36 --------- d-----w c:\program files\World of Warcraft
2009-03-07 01:18 6,034,432 ----a-w c:\windows\Internet Logs\xDB74.tmp
2009-03-01 07:51 237,056 ----a-w c:\windows\Internet Logs\xDB73.tmp
2009-02-27 07:07 --------- d-----w c:\documents and settings\BW\Application Data\Hamachi
2009-02-27 05:16 --------- d-----w c:\program files\Hamachi
2009-02-27 05:15 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-19 09:34 901,120 ----a-w c:\windows\Internet Logs\xDB72.tmp
2009-02-03 20:35 31,791,631 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-15 06:56 5,863,424 ----a-w c:\windows\Internet Logs\xDB71.tmp
2009-01-15 06:32 5,862,400 ----a-w c:\windows\Internet Logs\xDB6F.tmp
2009-01-12 09:59 5,855,232 ----a-w c:\windows\Internet Logs\xDB6E.tmp
2009-01-10 09:35 5,854,208 ----a-w c:\windows\Internet Logs\xDB70.tmp
2009-01-10 09:35 401,408 ----a-w c:\windows\Internet Logs\xDB6D.tmp
2007-08-20 00:11 24,192 ----a-w c:\documents and settings\BW\usbsermptxp.sys
2007-08-20 00:11 22,768 ----a-w c:\documents and settings\BW\usbsermpt.sys
2008-12-22 02:23 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 02:23 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 02:23 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 02:23 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 02:23 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 755472]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
*Deregistered* - WMP54GSSVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81acfd30-9838-11db-8387-000f661bd6f7}]
\Shell\AutoRun\command - H:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
FF - ProfilePath - c:\documents and settings\BW\Application Data\Mozilla\Firefox\Profiles\j6qsgnwy.default\
FF - prefs.js: browser.startup.homepage - hxxp://myspace.com/
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 20:00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1112)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-03-26 20:02:26
ComboFix-quarantined-files.txt 2009-03-27 03:02:19

Pre-Run: 23,861,088,256 bytes free
Post-Run: 24,334,229,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

173 --- E O F --- 2007-09-12 19:47:00


And HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:00 PM, on 3/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 6386 bytes


Thank you so much!


Oh, sorry about that.

ComboFix 09-03-26.02 - BW-03-26 19:55:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.318 [GMT -7:00]
Running from: c:\documents and settings\BW\Desktop\soft.exe
FW: ZoneAlarm Pro Firewall *enabled*
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\1000.exe
c:\windows\system32\drivers\senekabqaqgixe.sys
c:\windows\system32\iehelper.dll
c:\windows\system32\mcenspc.dll
c:\windows\system32\uniq.tll
c:\windows\Xtoyevam.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-26 19:25 . 2009-03-26 19:25 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-26 19:12 . 2009-03-26 19:12 61,440 --a------ c:\windows\system32\drivers\enot.sys
2009-03-26 19:07 . 2009-03-26 19:07 61,440 --a------ c:\windows\system32\drivers\egfugm.sys
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-26 19:06 . 2009-03-26 19:15 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-26 19:06 . 2009-03-26 19:06 61,440 --a------ c:\windows\system32\drivers\thqnm.sys
2009-03-26 17:31 . 2009-03-26 17:31 <DIR> d-------- c:\documents and settings\BW\Application Data\vlc
2009-03-26 17:30 . 2009-03-26 17:30 <DIR> d-------- c:\program files\VideoLAN
2009-03-23 13:14 . 2009-03-23 13:14 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\documents and settings\BW\Application Data\Malwarebytes
2009-03-23 12:53 . 2009-03-23 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-23 11:33 . 2009-03-23 11:33 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Talkback
2009-03-23 10:04 . 2009-03-23 10:04 <DIR> d-------- c:\program files\Trend Micro
2009-03-21 00:20 . 2009-03-21 00:20 40,448 --a------ c:\windows\system32\KuzSmall.exe
2009-03-21 00:05 . 2009-03-21 00:05 42,496 --a------ c:\windows\system32\kuzSniper.exe
2009-03-20 23:49 . 2009-03-20 23:49 <DIR> d-------- c:\documents and settings\BW\Application Data\GRETECH
2009-03-20 23:48 . 2009-03-20 23:48 <DIR> d-------- c:\program files\GRETECH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 23:45 --------- d-----w c:\documents and settings\BW\Application Data\BitTorrent
2009-03-26 17:08 --------- d-----w c:\program files\Steam
2009-03-25 17:34 108,020 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_25_02_13_29_small.dmp.zip
2009-03-23 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-23 19:02 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-23 17:57 79,872 --sha-w c:\windows\system32\vonibusa.dll
2009-03-23 16:57 79,872 --sha-w c:\windows\system32\nazehupo.dll
2009-03-23 00:09 79,872 --sha-w c:\windows\system32\kalomawu.dll
2009-03-21 08:37 127,488 ----a-w c:\windows\Internet Logs\xDB76.tmp
2009-03-19 09:41 492,544 ----a-w c:\windows\Internet Logs\xDB75.tmp
2009-03-16 21:36 --------- d-----w c:\program files\World of Warcraft
2009-03-07 01:18 6,034,432 ----a-w c:\windows\Internet Logs\xDB74.tmp
2009-03-01 07:51 237,056 ----a-w c:\windows\Internet Logs\xDB73.tmp
2009-02-27 07:07 --------- d-----w c:\documents and settings\BW\Application Data\Hamachi
2009-02-27 05:16 --------- d-----w c:\program files\Hamachi
2009-02-27 05:15 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-19 09:34 901,120 ----a-w c:\windows\Internet Logs\xDB72.tmp
2009-02-03 20:35 31,791,631 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-15 06:56 5,863,424 ----a-w c:\windows\Internet Logs\xDB71.tmp
2009-01-15 06:32 5,862,400 ----a-w c:\windows\Internet Logs\xDB6F.tmp
2009-01-12 09:59 5,855,232 ----a-w c:\windows\Internet Logs\xDB6E.tmp
2009-01-10 09:35 5,854,208 ----a-w c:\windows\Internet Logs\xDB70.tmp
2009-01-10 09:35 401,408 ----a-w c:\windows\Internet Logs\xDB6D.tmp
2007-08-20 00:11 24,192 ----a-w c:\documents and settings\BW\usbsermptxp.sys
2007-08-20 00:11 22,768 ----a-w c:\documents and settings\BW\usbsermpt.sys
2008-12-22 02:23 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 02:23 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 02:23 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 02:23 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 02:23 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 755472]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
*NewlyCreated* - MCHINJDRV
*Deregistered* - mchInjDrv
*Deregistered* - WMP54GSSVC
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81acfd30-9838-11db-8387-000f661bd6f7}]
\Shell\AutoRun\command - H:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
FF - ProfilePath - c:\documents and settings\BW\Application Data\Mozilla\Firefox\Profiles\j6qsgnwy.default\
FF - prefs.js: browser.startup.homepage - hxxp://myspace.com/
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 20:00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(1112)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2009-03-26 20:02:26
ComboFix-quarantined-files.txt 2009-03-27 03:02:19

Pre-Run: 23,861,088,256 bytes free
Post-Run: 24,334,229,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

173 --- E O F --- 2007-09-12 19:47:00


Thanks in advance again.
