Overnight my computer rebooted and now is displaying the typical Renos "Your computer is infected" system tray message. I run Zone Alarm, NOD32, and connect to the Internet through a router and a PPPoE host program called WinPoet. I routinely run Search & Destroy and Adaware. Usually I am completely free from these invasions and this is most annoying. Despite my Google searches on this issue, no claimed solutions have worked. Most especially distracting was the idiotic advice from BullGuard.com. Stay away from them. Here's my HijackThis report. I would greatly appreciate any help and will happily fill in blanks I've left out in this post. Thank you much.
-Pete
HJ output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:09 PM, on 11/2/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\CTsvcCDA.exe
E:\WINNT\System32\svchost.exe
e:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
L:\SQLDATAMSSQL$SQL01\Binn\sqlservr.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINNT\system32\nvsvc32.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\stisvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\Program Files\WinPoET Broadband Connection\WrOS.EXE
E:\WINNT\system32\MsPMSPSv.exe
E:\WINNT\system32\svchost.exe
L:\SQLDATAMSSQL$SQL01\Binn\sqlagent.EXE
E:\WINNT\Explorer.EXE
E:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
E:\WINNT\system32\CTHELPER.EXE
E:\Program Files\QuickTime\qttask.exe
E:\WINNT\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\CameraAssistant.exe
E:\WINNT\system32\ElkCtrl.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\WinPoET Broadband Connection\WrDialer.exe
E:\Program Files\PestPatrol\PPControl.exe
E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
E:\Program Files\Google\Google Talk\googletalk.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\WINNT\system32\brastk.exe
E:\Program Files\Quicken\bagent.exe
E:\Program Files\OLYMPUS\CAMEDIA Master 4.0\CM_camera.exe
E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
E:\WINNT\system32\taskmgr.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
i:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
i:\PROGRA~1\AVG\AVG8\avgam.exe
i:\PROGRA~1\AVG\AVG8\avgrsx.exe
i:\PROGRA~1\AVG\AVG8\avgnsx.exe
I:\Program Files\AVG\AVG8\avgtray.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\PROGRA~1\AVG\AVG8\aAvgApi.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
L:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
L:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - i:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - i:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - i:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [a-winpoet-service] "E:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] E:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] E:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] E:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] E:\WINNT\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [z-WrDialer] E:\Program Files\WinPoET Broadband Connection\WrDialer.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] E:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] h:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [brastk] E:\WINNT\system32\brastk.exe
O4 - HKLM\..\Run: [AVG8_TRAY] i:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Mozilla Quick Launch] "E:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [QuickenScheduledUpdates] E:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [brastk] E:\WINNT\system32\brastk.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] E:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAMEDIA Master.lnk = E:\Program Files\OLYMPUS\CAMEDIA Master 4.0\CM_camera.exe
O4 - Global Startup: Service Manager.lnk = E:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://L:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - L:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5509E5DF-3A08-4897-9438-7D3F6245F34E}: NameServer = 207.69.188.186,207.69.188.185
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - i:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: E:\WINNT\system32\wmfhotfix.dll,avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - i:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - e:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - E:\Program Files\WinPoET Broadband Connection\WrOS.EXE
--
End of file - 9537 bytes