Jump to content

peco

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Jean, Logs enclosed, Peco SDFix: Version 1.199 Run by Administrator on 01/07/2008 at 22:22 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Folder C:\DOCUME~1\User\LOCALS~1\Temp\privacy_danger - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-01 22:30:46 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express" "C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6" "C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-beta-9704.upx.exe"="C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-beta-9704.upx.exe:*:Enabled:
  2. Hi Jean, Sorry about that, done now, Peco
  3. Hi Jean, Info as requested, with regards to this file i found 2 entries on my hard drive, one being a zip file, and they both had identicle logs when scanned with mabs Peco File GEARSec.exe received on 06.30.2008 23:53:24 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.7.1.0 2008.06.30 - AntiVir 7.8.0.59 2008.06.30 - Authentium 5.1.0.4 2008.06.29 - Avast 4.8.1195.0 2008.06.30 - AVG 7.5.0.516 2008.06.30 - BitDefender 7.2 2008.06.30 - CAT-QuickHeal 9.50 2008.06.30 - ClamAV 0.93.1 2008.06.30 - DrWeb 4.44.0.09170 2008.06.30 - eSafe 7.0.17.0 2008.06.30 - eTrust-Vet 31.6.5914 2008.06.30 - Ewido 4.0 2008.06.27 - F-Prot 4.4.4.56 2008.06.29 - F-Secure 7.60.13501.0 2008.06.26 - Fortinet 3.14.0.0 2008.06.30 - GData 2.0.7306.1023 2008.06.30 - Ikarus T3.1.1.26.0 2008.06.30 - Kaspersky 7.0.0.125 2008.06.30 - McAfee 5328 2008.06.30 - Microsoft 1.3704 2008.06.30 - NOD32v2 3229 2008.06.30 - Norman 5.80.02 2008.06.30 - Panda 9.0.0.4 2008.06.30 - Prevx1 V2 2008.06.30 - Rising 20.51.02.00 2008.06.30 - Sophos 4.30.0 2008.06.30 - Sunbelt 3.1.1509.1 2008.06.30 - Symantec 10 2008.06.30 - TheHacker 6.2.96.364 2008.06.28 - TrendMicro 8.700.0.1004 2008.06.30 - VBA32 3.12.6.8 2008.06.30 - VirusBuster 4.5.11.0 2008.06.30 - Webwasher-Gateway 6.6.2 2008.06.30 - Additional information File size: 53248 bytes MD5...: b6e01969246fcb67470e87e6957ee147 SHA1..: 641bebfaed63d17cafc2fd5c8a9012dd20f33c5b SHA256: f9d1ce5de004a5115298d69ee4c31eca18281348e034594a1bb8d49208e65223 SHA512: cca88907042e27a4f219cde38450d3361402e6e2a1a1d638200dc5a6e50224e1 b5d28cc35854d673cc3f8a9da320a52e829d579b4241f3ebae11e17cf88ec280 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x402af8 timedatestamp.....: 0x3f93e777 (Mon Oct 20 13:47:35 2003) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x7a5d 0x8000 6.45 3b9266d18e6f511f8c6deca30510217b .rdata 0x9000 0x1b0c 0x2000 4.56 a26778552ae3530d3e4ed51c165ab15b .data 0xb000 0x1e28 0x1000 1.31 85d9d19c2ab6b5764f973640a81d04ab .rsrc 0xd000 0x338 0x1000 0.86 099471376da2cb1ce0a73b79c2d45ba1 ( 3 imports ) > KERNEL32.dll: VirtualProtect, GetSystemInfo, CreateEventA, WaitForSingleObject, SetEvent, ExitProcess, GetVersionExA, CreateFileA, CloseHandle, GlobalAlloc, GlobalFree, GetLastError, GetModuleHandleA, GetCommandLineA, RtlUnwind, SetFilePointer, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, WriteFile, ReadFile, GetProcAddress, TerminateProcess, GetCurrentProcess, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, FlushFileBuffers, HeapAlloc, HeapReAlloc, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualQuery > USER32.dll: GetUserObjectSecurity > ADVAPI32.dll: IsValidSecurityDescriptor, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, GetKernelObjectSecurity, SetKernelObjectSecurity, GetSecurityDescriptorOwner, LookupAccountSidA, GetSecurityDescriptorGroup, LookupAccountNameA, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, StartServiceA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, DeleteService, ControlService, OpenServiceA, SetSecurityDescriptorDacl, AddAccessAllowedAce, GetAce, AddAce, InitializeAcl, GetAclInformation, GetLengthSid ( 0 exports ) Malwarebytes' Anti-Malware 1.19 Database version: 909 Windows 5.1.2600 Service Pack 3 23:03:26 30/06/2008 mbam-log-6-30-2008 (23-03-26).txt Scan type: Quick Scan Objects scanned: 1 Time elapsed: 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. Hi Jean, Logs enclosed, I managed to install service pack 3 with the following fix, which may be of interest to you, and very easy it was too, Peco PS That 024 desktop entry is still there and did not delete The problem may be with the xp registry on your computer. I found the following fix that worked for me: 1. Make a backup of your registry. 2. Download and install subinacl.exe. 3. Create a file called reset.cmd with Notepad. Copy the text below into the file reset.cmd and run reset.cmd with administrative rights (it may take a LONG time): cd /d "%ProgramFiles%\Windows Resource Kits\Tools" subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose subinacl.exe can be downloaded from microsoft. LOGS BELOW Malwarebytes' Anti-Malware 1.19 Database version: 909 Windows 5.1.2600 Service Pack 3 19:11:59 30/06/2008 mbam-log-6-30-2008 (19-11-59).txt Scan type: Quick Scan Objects scanned: 42205 Time elapsed: 6 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:35:15, on 30/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Apoint\HidFind.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 12415 bytes
  5. Hi Jean, Following info in order of requests, and that 024 desktop component 0 on HJT is still there, it won't delete. Java update no problem, but am unable to install xp service pack 3 either through windows update or by direct download, i recieve message, access is denied, with an error code 0x80070005, and 0x80072F78. I have tried 7 times unsuccessfully. Only other problems are slow browsers. Regards, Peco File update.exe received on 06.28.2008 14:44:00 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.6.27.1 2008.06.27 - AntiVir 7.8.0.59 2008.06.27 - Authentium 5.1.0.4 2008.06.27 - Avast 4.8.1195.0 2008.06.28 - AVG 7.5.0.516 2008.06.28 - BitDefender 7.2 2008.06.28 - CAT-QuickHeal 9.50 2008.06.28 - ClamAV 0.93.1 2008.06.28 - DrWeb 4.44.0.09170 2008.06.28 - eSafe 7.0.17.0 2008.06.26 - eTrust-Vet 31.6.5911 2008.06.27 - Ewido 4.0 2008.06.27 - F-Prot 4.4.4.56 2008.06.27 - F-Secure 7.60.13501.0 2008.06.26 - Fortinet 3.14.0.0 2008.06.28 - GData 2.0.7306.1023 2008.06.28 - Ikarus T3.1.1.26.0 2008.06.28 - Kaspersky 7.0.0.125 2008.06.28 - McAfee 5327 2008.06.27 - Microsoft 1.3704 2008.06.28 - NOD32v2 3224 2008.06.27 - Norman 5.80.02 2008.06.27 - Panda 9.0.0.4 2008.06.28 - Prevx1 V2 2008.06.28 - Rising 20.50.52.00 2008.06.28 - Sophos 4.30.0 2008.06.28 - Sunbelt 3.0.1176.1 2008.06.26 - Symantec 10 2008.06.28 - TheHacker 6.2.96.362 2008.06.27 - TrendMicro 8.700.0.1004 2008.06.27 - VBA32 3.12.6.8 2008.06.28 - VirusBuster 4.5.11.0 2008.06.23 - Webwasher-Gateway 6.6.2 2008.06.28 - Additional information File size: 303104 bytes MD5...: 441c75bc99638c9cb7a47ee79b17d2cf SHA1..: 49f34a9a83da427ea2afb859a219a9dd5d6f5c36 SHA256: 1f3cd696868eec8efe5ae8bc1bca18180115f026934be232512b8e9ec8981545 SHA512: 397cdf4cd31312c161d2e601f1c025e007be968b2ae479bbf777f8ae5feb4e97 7af814887603c752d92c35209d1924a5233a67a421ef5c8e2b33db1440338cd2 PEiD..: Armadillo v1.71 PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x420781 timedatestamp.....: 0x46191bf8 (Sun Apr 08 16:44:40 2007) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2e32a 0x2f000 6.49 81d833c51095baeee78d368502464b2c .text1 0x30000 0x1f00 0x2000 5.03 9b161111b5a97144603ded079093e359 .rdata 0x32000 0x61b8 0x7000 3.48 7e365c75fa2b09ae54c5630c2c79f199 .data 0x39000 0x8850c 0x5000 2.34 d726c2238751b2e6685289fad9daddd7 .data1 0xc2000 0x2b14 0x3000 3.25 2df66297d55f5fc604b3667b22f37364 .rsrc 0xc5000 0x8108 0x9000 5.58 8a0fe3c47ee32959c238487b7298bf4b ( 7 imports ) > KERNEL32.dll: CreateMutexW, OpenMutexW, GetLocaleInfoW, SetEndOfFile, CreateFileA, LoadLibraryA, GetOEMCP, GetACP, ReadFile, SetStdHandle, IsBadCodePtr, HeapDestroy, GetStringTypeW, GetStringTypeA, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, lstrlenA, IsValidLocale, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, WideCharToMultiByte, DeleteFileW, GetTempPathW, lstrlenW, IsBadReadPtr, MultiByteToWideChar, Sleep, SuspendThread, ResumeThread, WaitForSingleObject, CreateThread, CreateProcessW, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, UnhandledExceptionFilter, GetProcAddress, SetUnhandledExceptionFilter, SetFilePointer, WriteFile, FlushFileBuffers, CloseHandle, SetEnvironmentVariableA, HeapSize, TerminateProcess, HeapCreate, GetVersionExA, IsValidCodePage, GetCurrentThreadId, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, RtlUnwind, HeapReAlloc, HeapAlloc, HeapFree, GetTimeZoneInformation, GetSystemTime, GetLocalTime, RaiseException, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, LCMapStringA, LCMapStringW, GetCPInfo, CompareStringA, CompareStringW, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, GetLastError, VirtualFree, VirtualAlloc, IsBadWritePtr, GetModuleFileNameA, GetEnvironmentVariableA > USER32.dll: SendMessageW, PostQuitMessage, DestroyWindow, ShowWindow, SetWindowTextW, SetWindowLongW, GetDlgItem, SetTimer, LoadImageW, wsprintfW, GetWindow, FindWindowExW, PostMessageW, CreateDialogParamW, PeekMessageW, DispatchMessageW, TranslateMessage, GetMessageW, MessageBoxW, DrawIconEx, ScreenToClient, GetWindowRect, EndPaint, BeginPaint > GDI32.dll: GetObjectW, GetStockObject, DeleteObject, CreateFontIndirectW, DeleteDC > ADVAPI32.dll: RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW > WININET.dll: HttpQueryInfoW, InternetCloseHandle, InternetOpenW, InternetOpenUrlW, InternetReadFile > SHLWAPI.dll: SHDeleteKeyW > COMCTL32.dll: - ( 0 exports ) ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. Malwarebytes' Anti-Malware 1.18 Database version: 897 13:53:47 28/06/2008 mbam-log-6-28-2008 (13-53-47).txt Scan type: Quick Scan Objects scanned: 1 Time elapsed: 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Malwarebytes' Anti-Malware 1.19 Database version: 904 Windows 5.1.2600 Service Pack 2 21:30:15 29/06/2008 mbam-log-6-29-2008 (21-30-14).txt Scan type: Quick Scan Objects scanned: 42420 Time elapsed: 13 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:36:20, on 29/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 12331 bytes
  6. Hi Jean, Logs enclosed, Peco Malwarebytes' Anti-Malware 1.18 Database version: 894 20:26:29 26/06/2008 mbam-log-6-26-2008 (20-26-29).txt Scan type: Quick Scan Objects scanned: 42648 Time elapsed: 5 minute(s), 46 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:27:51, on 26/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 11749 bytes
  7. Hi Jean, All files were uploaded, but i will do it again, and post a new vundo log, and i have run all 4 files with virustotal, I have no specific symptoms at the moment, apart from slow running and internet, Kind regards, Peco VundoFix V7.0.6 Scan started at 20:08:57 25/06/2008 Listing files found while scanning.... C:\Windows\system32\cwmbhbqb.dll C:\Windows\system32\fvwmftbd.dll C:\Windows\system32\kncqcksj.dll Beginning removal... Attempting to delete C:\Windows\system32\cwmbhbqb.dll C:\Windows\system32\cwmbhbqb.dll Has been deleted! Attempting to delete C:\Windows\system32\fvwmftbd.dll C:\Windows\system32\fvwmftbd.dll Has been deleted! Attempting to delete C:\Windows\system32\kncqcksj.dll C:\Windows\system32\kncqcksj.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V7.0.6 Scan started at 09:19:31 26/06/2008 Listing files found while scanning.... No infected files were found. File gearsec.zip received on 06.26.2008 09:56:25 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.6.26.0 2008.06.25 - AntiVir 7.8.0.59 2008.06.26 - Authentium 5.1.0.4 2008.06.25 - Avast 4.8.1195.0 2008.06.26 - AVG 7.5.0.516 2008.06.25 - BitDefender 7.2 2008.06.26 - CAT-QuickHeal 9.50 2008.06.25 - ClamAV 0.93.1 2008.06.25 - DrWeb 4.44.0.09170 2008.06.26 - eSafe 7.0.17.0 2008.06.25 - eTrust-Vet 31.6.5906 2008.06.26 - Ewido 4.0 2008.06.25 - F-Prot 4.4.4.56 2008.06.25 - F-Secure 7.60.13501.0 2008.06.24 - Fortinet 3.14.0.0 2008.06.26 - GData 2.0.7306.1023 2008.06.26 - Ikarus T3.1.1.26.0 2008.06.26 - Kaspersky 7.0.0.125 2008.06.26 - McAfee 5325 2008.06.25 - Microsoft 1.3704 2008.06.26 - NOD32v2 3219 2008.06.26 - Norman 5.80.02 2008.06.25 - Panda 9.0.0.4 2008.06.26 - Prevx1 V2 2008.06.26 - Rising 20.50.30.00 2008.06.26 - Sophos 4.30.0 2008.06.26 - Sunbelt 3.0.1153.1 2008.06.15 - Symantec 10 2008.06.26 - TheHacker 6.2.92.362 2008.06.26 - TrendMicro 8.700.0.1004 2008.06.26 - VBA32 3.12.6.8 2008.06.26 - VirusBuster 4.5.11.0 2008.06.23 - Webwasher-Gateway 6.6.2 2008.06.26 - Additional information File size: 23909 bytes MD5...: deffa6e2f219e01710fee2d3464e9157 SHA1..: 04b5461c84adb36d6cea6ac8a21b7495dc562a49 SHA256: ab9d9784a10172ac4f888519ba501571d7368ad73516b1ca499f4e80a7cdde5d SHA512: daff974be57caba6989895aa3efd4072b0cfbeac658e3babba8f91b17af12128 83b4c2832e0d0db63e511f9bbcb635c07a2de972a626235d416c7763206df54f PEiD..: - PEInfo: - File dllhost.zip received on 06.26.2008 10:00:47 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.6.26.0 2008.06.25 - AntiVir 7.8.0.59 2008.06.26 - Authentium 5.1.0.4 2008.06.25 - Avast 4.8.1195.0 2008.06.26 - AVG 7.5.0.516 2008.06.25 - BitDefender 7.2 2008.06.26 - CAT-QuickHeal 9.50 2008.06.25 - ClamAV 0.93.1 2008.06.25 - DrWeb 4.44.0.09170 2008.06.26 - eSafe 7.0.17.0 2008.06.25 - eTrust-Vet 31.6.5906 2008.06.26 - Ewido 4.0 2008.06.25 - F-Prot 4.4.4.56 2008.06.25 - F-Secure 7.60.13501.0 2008.06.24 - Fortinet 3.14.0.0 2008.06.26 - GData 2.0.7306.1023 2008.06.26 - Ikarus T3.1.1.26.0 2008.06.26 - Kaspersky 7.0.0.125 2008.06.26 - McAfee 5325 2008.06.25 - Microsoft 1.3704 2008.06.26 - NOD32v2 3219 2008.06.26 - Norman 5.80.02 2008.06.25 - Panda 9.0.0.4 2008.06.26 - Prevx1 V2 2008.06.26 - Rising 20.50.30.00 2008.06.26 - Sophos 4.30.0 2008.06.26 - Sunbelt 3.0.1153.1 2008.06.15 - Symantec 10 2008.06.26 - TheHacker 6.2.92.362 2008.06.26 - TrendMicro 8.700.0.1004 2008.06.26 - VBA32 3.12.6.8 2008.06.26 - VirusBuster 4.5.11.0 2008.06.23 - Webwasher-Gateway 6.6.2 2008.06.26 - Additional information File size: 2599 bytes MD5...: 4ff27daa6b10b5fd8c6dc6b71bfb89d9 SHA1..: df4534c6fc1e96abc0dc5f5af996bf2111e6e705 SHA256: e82f5fa0c1d104f26377db427de61aa6674d9b73f2cee0331be12daf36b0a51d SHA512: f2ee76c01b128650cdfcd63f4235d3f6bcabaad95a8eb4363fd8a4fae5886e91 35f37bc7bb35370a49aeb0c624561c8c6d3fe2607169507e76bb086f56bec8cd PEiD..: - PEInfo: - File kncqcksj.zip received on 06.26.2008 10:02:10 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 24/33 (72.73%) Loading server information... Your file is queued in position: 3. Estimated start time is between 46 and 66 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.6.26.0 2008.06.25 - AntiVir 7.8.0.59 2008.06.26 ADSPY/Virtumonde.yop.1 Authentium 5.1.0.4 2008.06.25 - Avast 4.8.1195.0 2008.06.26 - AVG 7.5.0.516 2008.06.25 Generic10.AQBC BitDefender 7.2 2008.06.26 Trojan.Vundo.EVO CAT-QuickHeal 9.50 2008.06.25 Trojan.Vundo.gen ClamAV 0.93.1 2008.06.25 - DrWeb 4.44.0.09170 2008.06.26 Trojan.Virtumod.based.16 eSafe 7.0.17.0 2008.06.25 Suspicious File eTrust-Vet 31.6.5906 2008.06.26 Win32/Vundo.ATV Ewido 4.0 2008.06.25 - F-Prot 4.4.4.56 2008.06.25 - F-Secure 7.60.13501.0 2008.06.24 AdWare.Win32.Virtumonde.yop Fortinet 3.14.0.0 2008.06.26 Adware/Virtum GData 2.0.7306.1023 2008.06.26 Trojan.Win32.Monder.yj Ikarus T3.1.1.26.0 2008.06.26 Trojan.Win32.Vundo.M Kaspersky 7.0.0.125 2008.06.26 Trojan.Win32.Monder.yj McAfee 5325 2008.06.25 Vundo Microsoft 1.3704 2008.06.26 Trojan:Win32/Vundo.gen!M NOD32v2 3219 2008.06.26 Win32/Adware.Virtumonde Norman 5.80.02 2008.06.25 W32/Virtumonde.XLW Panda 9.0.0.4 2008.06.26 Spyware/Virtumonde Prevx1 V2 2008.06.26 Malicious Software Rising 20.50.30.00 2008.06.26 - Sophos 4.30.0 2008.06.26 Troj/Virtum-Gen Sunbelt 3.0.1153.1 2008.06.15 - Symantec 10 2008.06.26 Trojan.Metajuan TheHacker 6.2.92.362 2008.06.26 Trojan/Monder.yj TrendMicro 8.700.0.1004 2008.06.26 TROJ_MONDER.AU VBA32 3.12.6.8 2008.06.26 Trojan.Win32.Monder.yj VirusBuster 4.5.11.0 2008.06.23 - Webwasher-Gateway 6.6.2 2008.06.26 Ad-Spyware.Virtumonde.yop.1 Additional information File size: 95649 bytes MD5...: 4787993daab54cc7ea70ae21bad6a441 SHA1..: b18a39b332871af778be65ec9fb5ec913b01e224 SHA256: 0d1e89edf12d3031d7a6d77999a50ddc503738e2757b69ae9482c6dc3864adef SHA512: cc965a3289eb2d097e7fa47706a7151340dbf833f469a5aef3581090b4930c25 d6f28e20a239dedf0bfc157ad2a7aecf66a2ed87fc3599afed71a5453343231d PEiD..: - PEInfo: - Prevx info: http://info.prevx.com/aboutprogramtext.asp...CF7F100667E9C35 File tscupgrd.zip received on 06.26.2008 10:06:27 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 0/33 (0%) Loading server information... Your file is queued in position: 2. Estimated start time is between 42 and 60 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.6.26.0 2008.06.25 - AntiVir 7.8.0.59 2008.06.26 - Authentium 5.1.0.4 2008.06.25 - Avast 4.8.1195.0 2008.06.26 - AVG 7.5.0.516 2008.06.25 - BitDefender 7.2 2008.06.26 - CAT-QuickHeal 9.50 2008.06.25 - ClamAV 0.93.1 2008.06.25 - DrWeb 4.44.0.09170 2008.06.26 - eSafe 7.0.17.0 2008.06.25 - eTrust-Vet 31.6.5907 2008.06.26 - Ewido 4.0 2008.06.25 - F-Prot 4.4.4.56 2008.06.25 - F-Secure 7.60.13501.0 2008.06.24 - Fortinet 3.14.0.0 2008.06.26 - GData 2.0.7306.1023 2008.06.26 - Ikarus T3.1.1.26.0 2008.06.26 - Kaspersky 7.0.0.125 2008.06.26 - McAfee 5325 2008.06.25 - Microsoft 1.3704 2008.06.26 - NOD32v2 3219 2008.06.26 - Norman 5.80.02 2008.06.25 - Panda 9.0.0.4 2008.06.26 - Prevx1 V2 2008.06.26 - Rising 20.50.30.00 2008.06.26 - Sophos 4.30.0 2008.06.26 - Sunbelt 3.0.1153.1 2008.06.15 - Symantec 10 2008.06.26 - TheHacker 6.2.92.362 2008.06.26 - TrendMicro 8.700.0.1004 2008.06.26 - VBA32 3.12.6.8 2008.06.26 - VirusBuster 4.5.11.0 2008.06.23 - Webwasher-Gateway 6.6.2 2008.06.26 - Additional information File size: 22895 bytes MD5...: 6bea1f875023a083d7aaf81b84e02a04 SHA1..: 5403ed5ab250936513bbe52d0268722b22a34bca SHA256: 266b226d0cf0096d9817678b3d905995e9e586e2ad46e57da2e27a8129fc7290 SHA512: 04d05238358f6784e52561dd15153212ce3fc18757419b3220fcc688f3582690 62d5666f93d948bfc28bd0176ad8ee21f15e9f9565fd58729413abf82c794c87 PEiD..: - PEInfo: -
  8. Hi Jean, details as requested below, Many thanks, Peco contents of C:\vundofix.txt . C:\Windows\system32\cwmbhbqb.dll C:\Windows\system32\fvwmftbd.dll C:\Windows\system32\kncqcksj.dll Malwarebytes' Anti-Malware 1.18 Database version: 891 21:05:45 25/06/2008 mbam-log-6-25-2008 (21-05-45).txt Scan type: Quick Scan Objects scanned: 42392 Time elapsed: 6 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:07:49, on 25/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\ULTIMA~1\uzshl.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 11946 bytes
  9. Thanks Jean, Logs as requested, Peco Malwarebytes' Anti-Malware 1.18 Database version: 889 09:45:36 25/06/2008 mbam-log-6-25-2008 (09-45-36).txt Scan type: Full Scan (C:\|) Objects scanned: 86788 Time elapsed: 24 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:46:36, on 25/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file) O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file) O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file) O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file) O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file) O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file) O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file) O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file) O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe /WCI O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 12804 bytes
  10. Hi, I am new to this forum, and i would really appreciate any help in getting rid of the malware on my computer which keeps reoccuring despite being deleted by variouse programs. I have enclosed my latest malwarebytes scan log, and a hyjack this log, My symptoms include problems with windows update, and slow running in firefox and IE, and i quite often get a window to close explorer Thanks Peco Malwarebytes' Anti-Malware 1.18 Database version: 883 08:51:54 6/24/2008 mbam-log-6-24-2008 (08-51-54).txt Objects scanned: 39988 Time elapsed: 5 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Conduit (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Conduit (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Conduit\Community Alerts (Adware.Agent) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:45:06, on 24/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\lxdicoms.exe C:\Program Files\Maxtor\Sync\SyncServices.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Shrink Pic\shrink_pic.exe C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file) O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file) O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file) O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file) O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file) O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file) O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file) O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file) O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe /WCI O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234 O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52 O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.