I researched some .exe processes that show in Task Manager. The Sunbelt Software Research tab pulls these up as malware:
alg, ctfmon, csrss, lsass, mdm, smss, spoolsv, wdfm
HijackThis log pasted below. ctfmon is the only one that shows up in the scan.
What needs to be done? Are the chances fairly good of getting rid of all the malware? What is "Please DO NOT bump your log"?
Kindred
Logfile of HijackThis v1.99.1
Scan saved at 3:08:57 PM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SYSTEM32\astsrv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
E:\WINDOWS\system32\RunDll32.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\AdwareAlert\Scheduler.exe
E:\Program Files\A Support Programs\firefox.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\PROGRA~1\WINZIP\winzip32.exe
E:\Documents and Settings\Kindred\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluechipgrowth.com
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBCSTray] E:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [adwarealert] E:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Coast to Coast AM] E:\Program Files\Coast to Coast AM Media Center\Coast to Coast AM Media Center.exe
O4 - HKCU\..\Run: [Creative Detector] "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\MICROSOFT\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727944} (Web Conferencing) - http://metastock.epo....com/joinie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124240142750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124863056109
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AST Service (astcc) - Advanced Software Technologies - E:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - E:\Program Files\A Support Programs\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - E:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - E:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe