Old 11-11-2008, 06:02 AM   #1 (permalink)
Join Date: Jan 2007
Posts: 185
OS: Windows XP SP3


Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

Whenever I log on, my EKRN.EXE for ESET Smart Security jumps to 50% CPU usage on my quad core, which makes everything else hang for ages until I end up ending it. Don't know why it's starting to do this, I have stupid amounts of security, I just don't get these silly things that slip through...how the HELL did none of my software pick it up!?

Anyway yeah, as well as that I can't get rid of the "Zlob.DNSChanger" Trojan SpyBot keeps telling me about either =[.

Also...pages on the Internet, like when searching for something...the links are all in italic like this, www.microsoftupdate.com for example would all be in italics...and it would take me to MSN.com...and other pages link off to other odd sites too. Except it doesn't do this all the time, only randomly.

I have things like WOT Firefox Addon, NoScript Addons, Adblock Plus etc etc, SpywareGuard, SpywareBlaster, ESET NOD32 Smart Security Business, do regular defrags, disk checks, temp cleans, you name it I take care of it, I try to look after my machine as best I can.

Anywho, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 13:51:02, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
E:\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
E:\SpywareGuard\sgmain.exe
E:\SpywareGuard\sgbhp.exe
E:\ESET\ESET Smart Security\ekrn.exe
E:\Spybot - Search & Destroy\SpybotSD.exe
D:\My Documents\Computer Components\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7CC95A61-E194-4D9B-80D5-C6756513564E} - C:\WINDOWS\system32\hgGvTnOF.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTuner] "E:\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [VolPanel] "E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [egui] "E:\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: SpywareGuard.lnk = E:\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212886842827
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212932699687
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5103/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DrvAlrt - {1f96baa4-a5e4-4a76-85a6-3fd8a732d3db} - C:\WINDOWS\Resources\DrvAlrt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Any ideas? Thanks in advance
†TYRANICK†™ is offline  
Old 11-12-2008, 02:47 PM   #2 (permalink)
Re: Need help removing Zlob.DNSChanger, computer Hangs at start up too

Oh btw.

I used malwarebytes for some additional help and it found vundo AFAIK.

Will post another log but in the mean time can anyone spot anything from above?
†TYRANICK†™ is offline  
Old 11-13-2008, 04:10 PM   #3 (permalink)
Re: [SOLVED] Need help removing Zlob.DNSChanger, computer Hangs at start up too

Fixed for now
†TYRANICK†™ is offline  
Old 11-13-2008, 04:43 PM   #4 (permalink)
Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

My computer will hang upon log-on, my EKRN.EXE for my ESET SS Business edition will go up as far as 50% CPU usage of my 4 cores and mess everything up, only ending the task will suffice any other activity.

As well as that, Microsoft Update re-directs to MSN and all the links are italic like this www.microsoft.com < etc. And of course they lead to an odd blank page of sorts each time in each case.

Scanning with software revealed a Zlob.DNSChanger in the registry but now it's not being picked up, but the symptoms are still there.

I have NoScript (Firefox), ESET, WOT (Firefox), SpywareGuard, SpywareBlaster, Spybot, MalwareBytes (Full edition) and do tons of disk checks and defrags and full scans regularly, and can't figure out why this has happened...

As far as I can tell it MUST be an infection of some kind...here's all the desired logs etc and yes I have subscribed to this thread:

-------------------


DDS (Version 1.0) - NTFSx86
Run by Greg at 0:31:33.03 on 14/11/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1306 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
E:\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
E:\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
E:\SpywareGuard\sgmain.exe
E:\SpywareGuard\sgbhp.exe
E:\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\taskmgr.exe
E:\ESET\ESET Smart Security\ekrn.exe
E:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Greg\Desktop\dds.scr
C:\DOCUME~1\Greg\LOCALS~1\Temp\RarSFX0\FI.exe

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - e:\real\realplayer\rpbrowserrecordplugin.dll
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - e:\spywareguard\dlprotect.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7CC95A61-E194-4D9B-80D5-C6756513564E} - c:\windows\system32\hgGvTnOF.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "e:\daemon tools\daemon.exe" -lang 1033
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [RivaTuner] "e:\rivatuner v2.11\RivaTuner.exe" /T
mRun: [Adobe Reader Speed Launcher] "e:\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RivaTunerStartupDaemon] "e:\rivatuner v2.11\RivaTuner.exe" /S
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [VolPanel] "e:\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Malwarebytes' Anti-Malware] "e:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "e:\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\spywar~1.lnk - e:\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-system: NoDispScrSavPage = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: LMIinit -LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: DrvAlrt - {1f96baa4-a5e4-4a76-85a6-3fd8a732d3db} - c:\windows\resources\DrvAlrt.dll
SEH: {81559C35-8464-49F7-BB0E-07A383BEF910} - e:\spywareguard\spywareguard.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGvTnOF

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys
R2 CTAudSvcService;Creative Audio Service;c:\program files\creative\shared files\CTAudSvc.exe
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys
R2 MBAMService;MBAMService;"e:\malwarebytes' anti-malware\mbamservice.exe"
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"e:\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\CTAELicensing.exe"
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS
S4 hpt3xx;hpt3xx;
S4 LMIRfsClientNP;LMIRfsClientNP;

=============== Created Last 30 ================

2008-11-14 00:13 250 a------- c:\windows\gmer.ini
2008-11-13 14:42 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 14:42 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:14 <DIR> --d----- c:\docume~1\greg\applic~1\Malwarebytes
2008-11-12 21:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-12 21:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 21:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-11 22:27 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2008-11-11 20:34 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-11-05 22:27 32 a------- c:\windows\0
2008-11-05 22:27 0 a------- c:\windows\system32\0
2008-11-04 17:07 <DIR> --d----- c:\docume~1\greg\applic~1\SecondLife
2008-11-03 19:29 <DIR> --d----- c:\docume~1\greg\applic~1\Red Alert 3
2008-11-01 13:54 <DIR> --d----- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-01 13:54 202,208 a------- c:\windows\system32\nvapps.xml
2008-11-01 13:54 453,152 a------- c:\windows\system32\nvudisp.exe
2008-11-01 13:54 18,477 a------- c:\windows\system32\nvdisp.nvu
2008-11-01 13:54 <DIR> --d----- c:\windows\nview
2008-11-01 13:53 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-01 13:53 <DIR> --d----- C:\NVIDIA
2008-11-01 10:40 509,448 a------- c:\windows\system32\XAudio2_2.dll
2008-11-01 10:40 68,616 a------- c:\windows\system32\XAPOFX1_1.dll
2008-11-01 10:40 238,088 a------- c:\windows\system32\xactengine3_2.dll
2008-11-01 10:40 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll
2008-11-01 10:40 467,984 a------- c:\windows\system32\d3dx10_39.dll
2008-11-01 10:40 3,851,784 a------- c:\windows\system32\D3DX9_39.dll
2008-10-27 17:37 <DIR> --d----- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2008-10-27 09:18 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-10-15 19:10 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-10-15 19:10 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-10-15 19:10 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 19:10 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 19:10 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 19:10 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

==================== Find3M ====================

2008-11-14 00:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2008-11-14 00:01 <DIR> --d----- c:\program files\LogMeIn
2008-11-13 23:22 <DIR> --d----- c:\docume~1\greg\applic~1\Azureus
2008-11-11 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative
2008-11-02 02:20 <DIR> --d----- c:\docume~1\greg\applic~1\InstallShield Installation Information
2008-11-01 13:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-27 23:20 107,832 a------- c:\windows\system32\PnkBstrB.exe
2008-10-27 20:01 2,506,752 a------- c:\windows\system32\pbsvc.exe
2008-10-27 18:57 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 01:20 <DIR> --d----- c:\docume~1\greg\applic~1\uTorrent
2008-10-20 23:55 <DIR> --d----- c:\program files\common files\Autodesk Shared
2008-10-20 23:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autodesk
2008-10-17 20:56 87,352 a------- c:\windows\system32\LMIinit.dll
2008-10-17 20:56 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 20:56 28,984 a------- c:\windows\system32\LMIport.dll
2008-10-17 20:56 23,736 a------- c:\windows\system32\lmimirr.dll
2008-10-17 20:56 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-17 01:46 <DIR> --d----- c:\docume~1\greg\applic~1\SPORE
2008-10-14 16:12 <DIR> --d----- c:\docume~1\greg\applic~1\Autodesk
2008-10-14 15:42 <DIR> --d----- c:\program files\Autodesk
2008-10-14 10:24 7,342 a------- c:\windows\system32\ealregsnapshot1.reg
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-11 22:38 <DIR> --d----- c:\docume~1\greg\applic~1\SPORE Creature Creator
2008-10-09 16:45 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2008-10-07 09:13 23,320 a------- c:\windows\system32\PhysXDevice.dll
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2008-10-03 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 17:43 <DIR> --d----- c:\program files\iPod
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-24 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Codemasters
2008-09-24 13:42 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-09-24 13:42 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 08:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-09-10 01:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-01 14:06 21,504 a------- c:\windows\jestertb.dll
2008-08-31 21:33 <DIR> --d----- c:\docume~1\greg\applic~1\Download Manager
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-27 12:05 <DIR> --d----- c:\docume~1\greg\applic~1\SystemRequirementsLab
2008-08-26 07:24 826,368 a------- c:\windows\system32\wininet.dll
2008-08-25 09:41 <DIR> --ds---- c:\docume~1\greg\applic~1\My Videos
2008-08-21 00:19 499,712 a------- c:\windows\system32\msvcp71.dll
2008-08-21 00:19 348,160 a------- c:\windows\system32\msvcr71.dll
2008-08-19 16:08 <DIR> --d----- c:\docume~1\greg\applic~1\Xfire
2008-08-17 20:15 <DIR> --d----- c:\docume~1\greg\applic~1\Sahmon Games
2008-08-14 14:30 <DIR> --d----- c:\docume~1\greg\applic~1\Alawar
2008-08-01 21:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Labs
2008-07-27 15:32 <DIR> --d----- c:\docume~1\greg\applic~1\Windows Search
2008-07-23 16:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Slam Games
2008-07-17 18:40 <DIR> --d----- c:\docume~1\greg\applic~1\Move Networks
2008-07-13 23:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sky
2008-07-13 10:16 <DIR> --d----- c:\docume~1\greg\applic~1\ESET
2008-07-08 18:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-07-08 18:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-06-25 16:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Age of Empires 3
2008-06-22 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2008-06-12 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hot Lava Games
2008-06-12 11:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Funcom
2008-06-10 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-06-10 12:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2008-06-08 13:42 <DIR> --d----- c:\docume~1\greg\applic~1\AVGTOOLBAR
2008-06-08 13:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn

============= FINISH: 0:31:44.98 ===============
Attached Files
File Type: txt Gmer.txt (14.3 KB, 1 views)
File Type: txt Attach.txt (11.9 KB, 1 views)

Last edited by †TYRANICK†™; 11-13-2008 at 04:46 PM.
†TYRANICK†™ is offline  
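An added triage script for the HijackThis and DDS logs posted above (not from the thread, and not part of HijackThis, DDS or any other tool mentioned here). It flags the kinds of entries a log reviewer would pick out: registrations whose file is missing, unnamed BHOs, randomised-looking module names, and any LSA authentication package besides the stock msv1_0, then cross-references modules that recur across entries. The sample lines are constructed from entries in the two logs; the randomised-name check is a rough heuristic, not a signature.

```python
"""Triage HijackThis / DDS log lines for entries worth a closer look."""
import re
from collections import defaultdict

# Constructed sample, modelled on lines from the HijackThis and DDS logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7CC95A61-E194-4D9B-80D5-C6756513564E} - C:\WINDOWS\system32\hgGvTnOF.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGvTnOF
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")
MODULE_EXT_RE = re.compile(r"\.(dll|exe|sys)$", re.IGNORECASE)


def module_stem(entry):
    """Return the bare module name (no path, no extension) an entry points at, or None."""
    text = entry
    for marker in ORPHAN_MARKERS:
        text = text.replace(marker, "")
    tail = re.split(r"[\\/\s]+", text.strip())[-1]
    stem = MODULE_EXT_RE.sub("", tail)
    return None if stem in ("", "-") else stem


def looks_randomised(stem):
    """Heuristic: exactly 8 letters with at least three upper/lower case flips (hgGvTnOF-style)."""
    if not stem or len(stem) != 8 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 3


def triage(log_text):
    """Return one finding per suspicious entry: {'reasons': [...], 'module': stem, 'line': raw}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("LSA: Authentication Packages"):
            # Anything listed beside msv1_0 is loaded into lsass.exe at boot; that is
            # a persistence location, so every extra package is reported.
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() != "msv1_0":
                    findings.append({"reasons": ["extra LSA authentication package"],
                                     "module": module_stem(pkg), "line": line})
            continue
        stem = module_stem(line)
        reasons = []
        if any(marker in line for marker in ORPHAN_MARKERS):
            reasons.append("registered but file missing")
        if "(no name)" in line:
            # Weak signal on its own: some legitimate buttons also register without a name.
            reasons.append("registration has no name")
        if looks_randomised(stem):
            reasons.append("randomised-looking module name")
        if reasons:
            findings.append({"reasons": reasons, "module": stem, "line": line})
    return findings


def correlated_modules(findings):
    """Module stems that occur in more than one finding (e.g. both a BHO and an LSA package)."""
    seen = defaultdict(set)
    for finding in findings:
        if finding["module"]:
            seen[finding["module"].lower()].add(finding["line"])
    return {stem for stem, lines in seen.items() if len(lines) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{', '.join(finding['reasons'])}] {finding['line']}")
    print("modules seen in more than one place:", sorted(correlated_modules(results)))
```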
Old 11-13-2008, 08:53 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,952
OS: WinXP and Vista


Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

Hello †TYRANICK†™. I had seen your first thread and knew you'd be back.

I've merged that thread with this one for continuity. It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with an update on system behavior.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 11-14-2008, 03:56 AM   #6 (permalink)
†TYRANICK†™ (Registered User). Join Date: Jan 2007. Posts: 185. OS: Windows XP SP3

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

Ah yes, sorry about that ><! I wanted to delete the other thread lol, but umm yeah, thanks for not shouting at me hehe.

Here's the log:

ComboFix 08-11-12.02 - Greg 2008-11-14 11:42:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1432 [GMT 0:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\system32\FOnTvGgh.ini
c:\windows\system32\Memman.vxd
c:\windows\system32\MSINET.oca
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))
.

2008-11-14 00:13 . 2008-11-14 00:13 250 --a------ c:\windows\gmer.ini
2008-11-13 14:42 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 14:42 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 21:14 . 2008-11-12 21:14 <DIR> d-------- c:\documents and settings\Greg\Application Data\Malwarebytes
2008-11-12 21:14 . 2008-11-12 21:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 21:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 21:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-11 22:27 . 2008-11-11 22:27 <DIR> d-------- c:\program files\Common Files\Creative Labs Shared
2008-11-11 20:34 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-05 22:30 . 2008-11-05 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-11-05 22:27 . 2008-11-05 22:29 32 --a------ c:\windows\0
2008-11-05 22:27 . 2008-11-05 22:27 0 --a------ c:\windows\system32\0
2008-11-04 17:07 . 2008-11-04 17:08 <DIR> d-------- c:\documents and settings\Greg\Application Data\SecondLife
2008-11-03 19:29 . 2008-11-04 11:32 <DIR> d-------- c:\documents and settings\Greg\Application Data\Red Alert 3
2008-11-01 13:54 . 2008-11-01 13:54 <DIR> d-------- c:\windows\nview
2008-11-01 13:54 . 2008-11-01 13:54 <DIR> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-11-01 13:54 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-01 13:54 . 2008-11-14 11:32 202,208 --a------ c:\windows\system32\nvapps.xml
2008-11-01 13:54 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-01 13:53 . 2008-11-01 13:53 <DIR> d-------- C:\NVIDIA
2008-11-01 13:53 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-01 10:40 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-11-01 10:40 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-11-01 10:40 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-11-01 10:40 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-11-01 10:40 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-11-01 10:40 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-10-27 17:37 . 2008-10-27 17:37 <DIR> d-------- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2008-10-27 09:18 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 19:10 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 19:10 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 19:10 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 19:10 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 19:10 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 19:10 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 16:11 . 2008-10-14 16:12 <DIR> d-------- c:\documents and settings\Greg\Application Data\Autodesk
2008-10-14 15:42 . 2008-10-14 15:42 <DIR> d-------- c:\program files\Autodesk
2008-10-14 15:41 . 2008-10-20 23:55 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2008-10-14 15:41 . 2008-10-20 23:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2008-10-14 15:40 . 2008-10-14 15:40 <DIR> d-------- c:\program files\MSBuild
2008-10-14 15:38 . 2008-10-27 09:22 <DIR> d-------- c:\windows\system32\XPSViewer
2008-10-14 15:37 . 2008-10-14 15:37 <DIR> d-------- c:\program files\Reference Assemblies
2008-10-14 15:37 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-14 15:03 . 2008-11-04 23:51 26,864 --a------ c:\documents and settings\Greg\Application Data\GDIPFONTCACHEV1.DAT
2008-10-14 10:25 . 2008-10-17 01:46 <DIR> d-------- c:\documents and settings\Greg\Application Data\SPORE
2008-10-14 10:24 . 2008-10-14 10:24 <DIR> d-------- c:\program files\Electronic Arts
2008-10-14 10:24 . 2008-10-14 10:24 7,342 --a------ c:\windows\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-14 00:01 --------- d-----w c:\program files\LogMeIn
2008-11-13 23:22 --------- d-----w c:\documents and settings\Greg\Application Data\Azureus
2008-11-13 22:27 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-11 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 22:27 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-11-02 02:20 --------- d-----w c:\documents and settings\Greg\Application Data\InstallShield Installation Information
2008-11-01 13:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 23:20 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-27 23:20 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-27 20:01 22,328 ----a-w c:\documents and settings\Greg\Application Data\PnkBstrK.sys
2008-10-27 20:01 2,506,752 ----a-w c:\windows\system32\pbsvc.exe
2008-10-27 18:57 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-27 10:20 --------- d-----w c:\program files\AGEIA Technologies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 01:20 --------- d-----w c:\documents and settings\Greg\Application Data\uTorrent
2008-10-21 09:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-17 20:56 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-17 20:56 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-17 20:56 47,640 ----a-w c:\windows\system32\drivers\LMIRfsDriver.sys
2008-10-17 20:56 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-17 20:56 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-17 20:56 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-13 09:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-11 22:38 --------- d-----w c:\documents and settings\Greg\Application Data\SPORE Creature Creator
2008-10-09 16:45 --------- dc-h--w c:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 09:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 09:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 09:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 17:43 --------- d-----w c:\program files\iPod
2008-10-03 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 10:22 --------- d-----w c:\documents and settings\Greg\Application Data\Creative
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 14:01 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
2008-09-24 13:42 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2008-09-24 13:42 109,080 ----a-w c:\windows\system32\OpenAL32.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 08:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 09:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-21 00:19 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-08-21 00:19 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-06-08 12:57 32,768 ------w c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="e:\daemon tools\daemon.exe" [2007-08-16 167368]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2008-06-08 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2008-06-08 1953792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RivaTuner"="e:\rivatuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"Adobe Reader Speed Launcher"="e:\adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RivaTunerStartupDaemon"="e:\rivatuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"VolPanel"="e:\creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2008-10-22 399504]
"egui"="e:\eset\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"CTHelper"="CTHELPER.EXE" [2006-05-24 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 c:\windows\system32\Ctxfihlp.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Greg\Start Menu\Programs\Startup\
SpywareGuard.lnk - e:\spywareguard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 20:56 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^Registration Driver Parallel Lines.LNK]
path=c:\documents and settings\Greg\Start Menu\Programs\Startup\Registration Driver Parallel Lines.LNK
backup=c:\windows\pss\Registration Driver Parallel Lines.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 e:\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--------- 2008-02-28 14:31 63048 c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-21 00:19 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"g:\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"g:\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"e:\\Azureus\\Azureus.exe"=
"g:\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"g:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Codemasters\\GRID\\GRID.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"e:\\iTunes\\iTunes.exe"=
"e:\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Autodesk\\Backburner\\manager.exe"=
"e:\\Autodesk\\Backburner\\server.exe"=
"e:\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"e:\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55665:TCP"= 55665:TCP:vuze
"55665:UDP"= 55665:UDP:vuze
"40178:TCP"= 40178:TCP:utorernt
"40178:UDP"= 40178:UDP:utorren

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-03-03 39472]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 CTAudSvcService;Creative Audio Service;c:\program files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-17 47640]
R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2008-10-22 170640]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;e:\autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-22 15504]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-11 79360]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\DRIVERS\RTL8150.SYS [2006-05-10 22842]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\FalloutLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\autorun.exe
\Shell\setup\command - L:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-09 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2008-10-09 16:42]

2008-11-14 c:\windows\Tasks\Malwarebytes' Scheduled Update for Greg.job
- e:\malwarebytes' anti-malware\mbam.exe [2008-10-22 16:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7CC95A61-E194-4D9B-80D5-C6756513564E} - c:\windows\system32\hgGvTnOF.dll
HKLM-Run-SoundMAXPnP - c:\program files\Analog Devices\Core\smax4pnp.exe
SSODL-DrvAlrt-{1f96baa4-a5e4-4a76-85a6-3fd8a732d3db} - c:\windows\Resources\DrvAlrt.dll
MSConfigStartUp-lphcjh3j0el0e - c:\windows\system32\lphcjh3j0el0e.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\4741yiyq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - e:\adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - e:\divx\DivX Web Player\npdivx32.dll
FF -: plugin - e:\itunes\Mozilla Plugins\npitunes.dll
FF -: plugin - e:\mozilla firefox\plugins\np32dsw.dll
FF -: plugin - e:\mozilla firefox\plugins\npnul32.dll
FF -: plugin - e:\mozilla firefox\plugins\nppl3260.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin2.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin3.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin4.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin5.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin6.dll
FF -: plugin - e:\mozilla firefox\plugins\npqtplugin7.dll
FF -: plugin - e:\mozilla firefox\plugins\nprjplug.dll
FF -: plugin - e:\mozilla firefox\plugins\nprpjplug.dll
FF -: plugin - e:\real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - e:\real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - e:\real\RealPlayer\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 11:46:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskmgr.exe
e:\spywareguard\sgbhp.exe
e:\eset\ESET Smart Security\ekrn.exe
.
**************************************************************************
.
Completion time: 2008-11-14 11:52:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-14 11:52:06

Pre-Run: 15,342,346,240 bytes free
Post-Run: 15,358,984,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

314 --- E O F --- 2008-11-13 14:53:58

Well, as far as boot-up is concerned, again it took absolutely AGES to produce the log once again because of EKRN.EXE (from my AV) constantly causing my machine to hang, because it's using up to 25-50% CPU usage each time I do anything...

As for the Zlob...hmm, not sure, I think that may have gone again for now, but I can't figure out how/why it keeps slipping through.

So webpages = OK for now. Boot = still hangs due to AV.
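The log above is mostly inventory, but its Reg Loading Points section also records host settings that matter regardless of the malware: Security Center notifications for antivirus and updates switched off, the Windows Firewall standard profile disabled (EnableFirewall = 0), two ports opened to the world for BitTorrent clients, AutoRun commands registered for removable drives, and the orphaned BHO and startup entries with random-looking names that ComboFix removed. As an added example, not part of the thread and not ComboFix's own code, here is a Python checker that parses those sections of a ComboFix-style log and reports each of them. The sample log is constructed from the same line formats shown in the post, and the category tags are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    category: str  # example's own tag, e.g. "firewall-off"
    detail: str    # the value or line that triggered it


# Constructed sample in the line formats ComboFix uses for its "Reg Loading Points"
# and "ORPHANS REMOVED" sections. Values mirror the thread's log, but this text is
# assembled for the example, not copied from a real report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55665:TCP"= 55665:TCP:vuze
"40178:UDP"= 40178:UDP:utorren

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\FalloutLauncher.exe

- - - - ORPHANS REMOVED - - - -

BHO-{7CC95A61-E194-4D9B-80D5-C6756513564E} - c:\windows\system32\hgGvTnOF.dll
MSConfigStartUp-lphcjh3j0el0e - c:\windows\system32\lphcjh3j0el0e.exe
.
------- Supplementary Scan -------
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                 # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')       # "Name"=value
ORPHAN_RE = re.compile(r"^([A-Za-z]+)-(\S+) - (.+)$")  # Type-Name - path


def parse_dword(value: str) -> Optional[int]:
    """Parse a value as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16)
    m = re.match(r"^(\d+)", v)
    return int(m.group(1)) if m else None


def check_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans, section = True, ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section, in_orphans = m.group(1).lower(), False
            continue
        if in_orphans:
            # Autostart entries whose target file is gone; the BHO/SSODL ones with
            # random-looking names are the usual Zlob/Vundo leftovers.
            if ORPHAN_RE.match(line):
                findings.append(Finding("orphaned-autostart", line))
            continue
        if "mountpoints2" in section and "\\shell\\autorun\\command" in line.lower():
            findings.append(Finding("autorun-on-drive", line))  # AutoRun hook on a drive letter
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if section.endswith("security center") and name.lower().endswith("disablenotify"):
            if parse_dword(value):
                findings.append(Finding("security-center-alerts-off", name))
        elif section.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall":
            if parse_dword(value) == 0:
                findings.append(Finding("firewall-off", f"{name}={value}"))
        elif "globallyopenports" in section:
            findings.append(Finding("globally-open-port", value))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in check_log(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
    print(summarize(check_log(SAMPLE_LOG)))
```

Run it against C:\ComboFix.txt by passing the file contents to check_log(). The "security-center-alerts-off" and "firewall-off" findings are the ones to act on first: a DNS changer or downloader that disables those notifications is hiding the fact that the host is unprotected, and the firewall being off explains why ComboFix's catchme scan, not the firewall, was the first thing to notice anything.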
Old 11-14-2008, 06:56 AM   #7 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team). Join Date: Jan 2005. Location: Ohio. Posts: 23,952. OS: WinXP and Vista

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

You're welcome, †TYRANICK†™. : )


Delete these 2 files: (note, these are files without an extension--not folders. Also, it is the numeral zero, not the letter O)

c:\windows\0
c:\windows\system32\0

--------------------------------------------------------------

Quote:
EKRN.EXE (From my AV) constantly causing my machine to hang because it's using up to 25-50% CPU usage each time I do anything...
After looking into it a bit, there are many people experiencing this same problem. My suggestion is to contact Eset support.


Quote:
As for the Zlob...hmm not sure i think that may of gone again for now, but can't figure out how/why it keeps slipping through.
There are a few reasons why.
It likely first got onto your system through P2P/torrent downloads (Azureus).
It didn't really keep slipping through, it simply wasn't completely removed by the steps you had taken.

--------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
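DNS-changer trojans such as the Zlob variant Spybot reported here typically rewrite the resolver addresses Windows keeps per network interface under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID} (the NameServer value), so that every lookup goes to the attacker's resolvers; that is consistent with the randomly redirected search links described at the start of the thread. As an added example, not part of the thread and not the logic of ComboFix, Spybot or ESET, this Python check flags an interface that is DHCP-enabled yet carries a static NameServer, and any static resolver outside LAN ranges. The interface snapshot is constructed, the GUIDs and addresses are made up, and the category names are the example's own; on a live Windows host, read_live_interfaces() pulls the real values through winreg.

```python
import ipaddress
import sys
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Iface:
    guid: str              # subkey name under Tcpip\Parameters\Interfaces
    enable_dhcp: int       # EnableDHCP value
    name_server: str       # NameServer value: static resolvers, comma or space separated, often empty
    dhcp_name_server: str  # DhcpNameServer value: what the DHCP server handed out


@dataclass(frozen=True)
class DnsFinding:
    guid: str
    category: str
    detail: str


# RFC 1918, loopback and link-local; a home PC's resolver is normally the router here.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed snapshot. GUIDs are made up; 203.0.113.x (a documentation range) stands
# in for the attacker's resolvers that a DNS changer would write into NameServer.
SAMPLE_IFACES = [
    Iface("{11111111-0000-0000-0000-000000000001}", 1, "", "192.168.1.1"),                       # clean DHCP client
    Iface("{22222222-0000-0000-0000-000000000002}", 1, "203.0.113.5,203.0.113.6", "192.168.1.1"),  # hijacked
    Iface("{33333333-0000-0000-0000-000000000003}", 0, "192.168.1.1", ""),                       # deliberately static
]


def split_servers(value: str) -> List[str]:
    """Windows stores several resolvers as 'a.b.c.d,e.f.g.h' or space separated."""
    return [s for s in value.replace(",", " ").split() if s]


def is_lan(addr: str) -> bool:
    """True only for a well-formed address inside a LAN/loopback range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def check_interfaces(ifaces: List[Iface]) -> List[DnsFinding]:
    out: List[DnsFinding] = []
    for i in ifaces:
        static = split_servers(i.name_server)
        # A DHCP client should have an empty NameServer; a populated one on a DHCP
        # interface is the hallmark of a DNS changer overriding the ISP's resolvers.
        if i.enable_dhcp and static:
            out.append(DnsFinding(i.guid, "static-dns-on-dhcp-interface",
                                  f"NameServer={i.name_server!r} while DHCP offered {i.dhcp_name_server!r}"))
        # Static resolvers outside the LAN deserve a look even on static interfaces;
        # a malformed address string also lands here.
        for s in static:
            if not is_lan(s):
                out.append(DnsFinding(i.guid, "non-lan-static-resolver", s))
    return out


def read_live_interfaces() -> List[Iface]:
    """Read the real per-interface values on a Windows host; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    base = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    found: List[Iface] = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as root:
        for idx in range(winreg.QueryInfoKey(root)[0]):
            guid = winreg.EnumKey(root, idx)
            with winreg.OpenKey(root, guid) as key:
                def value(name, default=""):
                    try:
                        return winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        return default
                found.append(Iface(guid, int(value("EnableDHCP", 0) or 0),
                                   str(value("NameServer")), str(value("DhcpNameServer"))))
    return found


if __name__ == "__main__":
    live = read_live_interfaces()
    for f in check_interfaces(live or SAMPLE_IFACES):
        print(f"{f.guid} {f.category}: {f.detail}")
```

The same NameServer value also exists one level up, directly under Tcpip\Parameters, and a DNS changer may set it there as well; it is worth feeding that value through is_lan() too. A public resolver the owner chose on purpose will show up as "non-lan-static-resolver", so that category is a review list, while "static-dns-on-dhcp-interface" on a home machine is almost always the infection.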
Old 11-14-2008, 01:18 PM   #8 (permalink)
†TYRANICK†™ (Registered User). Join Date: Jan 2007. Posts: 185. OS: Windows XP SP3

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

OK, here we go. Right, I know exactly what this file is, I believe it's my mate's stupid hack files he got for CSS...such an idiot, I thought I got rid of it, anyway this is all there is:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 14, 2008 16:18:57
Records in database: 1384976
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 234968
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:48:22


File name / Threat name / Threats count
G:\Downloads\Neferty CSS 3.1 BETA(2).rar.part Infected: Trojan-Downloader.Win32.Delf.nhj 1
G:\Downloads\Neferty CSS 3.1 BETA(3).rar.part Infected: Trojan-Downloader.Win32.Delf.nhj 1
G:\Downloads\Neferty CSS 3.1 BETA(4).rar Infected: Trojan-Downloader.Win32.Delf.nhj 1
G:\Downloads\Neferty CSS 3.1 BETA.rar.part Infected: Trojan-Downloader.Win32.Delf.nhj 1

The selected area was scanned.
-------------------------------------

As for the ESET thing, I may have the solution to it being because of an old version of my software, so I'll try uninstalling the one I've got and updating.

Do you need any other scans to be run in the meantime? What happened to HijackThis logs?
Old 11-14-2008, 08:04 PM   #9 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team). Join Date: Jan 2005. Location: Ohio. Posts: 23,952. OS: WinXP and Vista

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

Go ahead and delete all those files listed by Kaspersky.

No other scans are needed. The scans we use give a more complete view of what's going on with your system.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
Old 11-15-2008, 03:07 AM   #10 (permalink)
†TYRANICK†™ (Registered User). Join Date: Jan 2007. Posts: 185. OS: Windows XP SP3

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

Thank you for the tools, I already have all of those + newer versions.

Well...yes, the Zlob issue is resolved completely but...I still can't find any help on what to do about EKRN.exe hanging all the time during boot-up, add/remove/Internet etc. I really don't want to use any other AV because I've NEVER had a problem with NOD32 SS before...this has only started to happen in the last week or so...hmmm. Even with the newest version of the whole software the issue still persists.

If you have any ideas about that then great, otherwise yeah, I believe the main Zlob issue is resolved, thanks again :)
Old 11-15-2008, 08:05 AM   #11 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team). Join Date: Jan 2005. Location: Ohio. Posts: 23,952. OS: WinXP and Vista

Re: Anti Virus Hanging, Possible Zlob.DNS Changer and other odd activity

You're welcome.

No, I don't have any ideas other than for you to contact the Eset Support forum, as it is their program.

Take care.
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum