peco Posted June 24, 2008 ID:21018 Share Posted June 24, 2008 Hi,I am new to this forum, and i would really appreciate any help in getting rid of the malware on my computer which keeps reoccuring despite being deleted by variouse programs.I have enclosed my latest malwarebytes scan log, and a hyjack this log,My symptoms include problems with windows update, and slow running in firefox and IE, and i quite often get a window to close explorerThanks PecoMalwarebytes' Anti-Malware 1.18Database version: 88308:51:54 6/24/2008mbam-log-6-24-2008 (08-51-54).txtObjects scanned: 39988Time elapsed: 5 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 2Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Conduit (Adware.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\Conduit (Adware.Agent) -> Quarantined and deleted successfully.C:\Program Files\Conduit\Community Alerts (Adware.Agent) -> Quarantined and deleted successfully.Files Infected:C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:45:06, on 24/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file)O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file)O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file)O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file)O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file)O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file)O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file)O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file)O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe /WCIO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel Link to post Share on other sites More sharing options...
JeanInMontana Posted June 24, 2008 ID:21019 Share Posted June 24, 2008 Hi peco and welcome to Malwarebytes. Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.Open SB S&D Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode.Click on the Tools section and then Resident.You will see two items.1. Resident "SD helper" (Internet Explorer bad download blocker.) active2. Resident "Tea Timer" (Protection of over-all system settings.) active.Uncheck number 2..Leave number 1 checked always.You can enable Tea Timer again if you wish once all special fixes have been done. Please open MBAM and go to the settings tab, Put a check next to all the items and choose your language preference. Update the program and run a quick scan again.Post that new log and a new HJT log please and we will see what is left to do. Link to post Share on other sites More sharing options...
peco Posted June 25, 2008 Author ID:21081 Share Posted June 25, 2008 Thanks Jean,Logs as requested,PecoMalwarebytes' Anti-Malware 1.18Database version: 88909:45:36 25/06/2008mbam-log-6-25-2008 (09-45-36).txtScan type: Full Scan (C:\|)Objects scanned: 86788Time elapsed: 24 minute(s), 5 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 09:46:36, on 25/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Google\Google Updater\GoogleUpdater.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file)O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file)O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file)O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file)O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file)O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file)O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file)O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file)O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe /WCIO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exeO23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exeO23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exeO24 - Desktop Component 0: Privacy Protection - (no file)--End of file - 12804 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted June 25, 2008 ID:21103 Share Posted June 25, 2008 Hi again Peco, we have some work to do still. I need you to get some files for me too, so we can make MBAM get all of this.Please locate these files and either drag them all to a folder you create and then zip that folder or zip each file individually. Then upload them to here please http://uploads.malwarebytes.org/C:\WINDOWS\system32\kncqcksj.dllC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\System32\GEARSec.exeC:\ Windows \%systemroot%\system32\tscupgrd.exeNow open HJT again and run a scan only and put a check next to all these items.O2 - BHO: (no name) - {18D7675F-C6E4-4195-9228-4F0D71813AA5} - (no file)O2 - BHO: (no name) - {2B90707A-8CD0-4123-A608-D1ED2DF11134} - (no file)O2 - BHO: (no name) - {40CD72F8-2BEF-4CDC-AC6F-C4DC0830F78D} - (no file)O2 - BHO: (no name) - {5C2FBDD7-DD4E-4AD9-A8A8-EB2A24EBB30E} - (no file)O2 - BHO: (no name) - {64416729-39F2-4FE9-8C3F-17EB9D3DDF6D} - (no file)O2 - BHO: (no name) - {E8217019-D910-4376-914C-86D68486B792} - (no file)O2 - BHO: (no name) - {f01d2c7b-d333-4d79-8959-c41622c81b97} - (no file)O2 - BHO: (no name) - {F5676298-F8D1-4F26-9F19-B9AD66A7D795} - (no file)O2 - BHO: {75eddc73-94f4-e608-3104-4f0e07e9ef6f} - {f6fe9e70-e0f4-4013-806e-4f4937cdde57} - C:\WINDOWS\system32\kncqcksj.dllO3 - Toolbar: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O24 - Desktop Component 0: Privacy Protection - (no file)Now click Fix and exit the program. Reboot and follow these instructions:Please download VundoFix.exeto your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt .Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot.Update MBAM and run a quick scan with it also and post that log and a new HiJackThis log. Link to post Share on other sites More sharing options...
peco Posted June 25, 2008 Author ID:21115 Share Posted June 25, 2008 Hi Jean,details as requested below,Many thanks,Peco contents of C:\vundofix.txt .C:\Windows\system32\cwmbhbqb.dllC:\Windows\system32\fvwmftbd.dllC:\Windows\system32\kncqcksj.dllMalwarebytes' Anti-Malware 1.18Database version: 89121:05:45 25/06/2008mbam-log-6-25-2008 (21-05-45).txtScan type: Quick ScanObjects scanned: 42392Time elapsed: 6 minute(s), 4 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:07:49, on 25/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Apoint\Apoint.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\PROGRA~1\ULTIMA~1\uzshl.exeC:\Program Files\Microsoft Office\Office10\OUTLOOK.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file)O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exeO23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exeO23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exeO24 - Desktop Component 0: Privacy Protection - (no file)--End of file - 11946 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted June 25, 2008 ID:21125 Share Posted June 25, 2008 Hi Peco were you able to upload the files? It looks like part of the Vundo log is missing did you post it all? I need to see all of it please.C:\WINDOWS\System32\GEARSec.exe <==== please upload and scan that file. To here =====> http://www.virustotal.com/ Post the results in your next reply.Now open HJT and run scan only place a check next to the following items, then click fix.R3 - URLSearchHook: (no name) - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - (no file)O2 - BHO: (no name) - {529b0b20-0ab5-4297-83fe-79d5a5bcc813} - (no file)O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O24 - Desktop Component 0: Privacy Protection - (no file)Reboot and post a new log. Give me some feed back, how is the system running? Link to post Share on other sites More sharing options...
peco Posted June 26, 2008 Author ID:21162 Share Posted June 26, 2008 Hi Jean,All files were uploaded, but i will do it again, and post a new vundo log, and i have run all 4 files with virustotal,I have no specific symptoms at the moment, apart from slow running and internet,Kind regards,PecoVundoFix V7.0.6Scan started at 20:08:57 25/06/2008Listing files found while scanning....C:\Windows\system32\cwmbhbqb.dllC:\Windows\system32\fvwmftbd.dllC:\Windows\system32\kncqcksj.dllBeginning removal... Attempting to delete C:\Windows\system32\cwmbhbqb.dllC:\Windows\system32\cwmbhbqb.dll Has been deleted! Attempting to delete C:\Windows\system32\fvwmftbd.dllC:\Windows\system32\fvwmftbd.dll Has been deleted! Attempting to delete C:\Windows\system32\kncqcksj.dllC:\Windows\system32\kncqcksj.dll Has been deleted!Performing Repairs to the registry.Done!VundoFix V7.0.6Scan started at 09:19:31 26/06/2008Listing files found while scanning....No infected files were found. File gearsec.zip received on 06.26.2008 09:56:25 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)Loading server information...Your file is queued in position: ___.Estimated start time is between ___ and ___ .Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.6.26.0 2008.06.25 -AntiVir 7.8.0.59 2008.06.26 -Authentium 5.1.0.4 2008.06.25 -Avast 4.8.1195.0 2008.06.26 -AVG 7.5.0.516 2008.06.25 -BitDefender 7.2 2008.06.26 -CAT-QuickHeal 9.50 2008.06.25 -ClamAV 0.93.1 2008.06.25 -DrWeb 4.44.0.09170 2008.06.26 -eSafe 7.0.17.0 2008.06.25 -eTrust-Vet 31.6.5906 2008.06.26 -Ewido 4.0 2008.06.25 -F-Prot 4.4.4.56 2008.06.25 -F-Secure 7.60.13501.0 2008.06.24 -Fortinet 3.14.0.0 2008.06.26 -GData 2.0.7306.1023 2008.06.26 -Ikarus T3.1.1.26.0 2008.06.26 -Kaspersky 7.0.0.125 2008.06.26 -McAfee 5325 2008.06.25 -Microsoft 1.3704 2008.06.26 -NOD32v2 3219 2008.06.26 -Norman 5.80.02 2008.06.25 -Panda 9.0.0.4 2008.06.26 -Prevx1 V2 2008.06.26 -Rising 20.50.30.00 2008.06.26 -Sophos 4.30.0 2008.06.26 -Sunbelt 3.0.1153.1 2008.06.15 -Symantec 10 2008.06.26 -TheHacker 6.2.92.362 2008.06.26 -TrendMicro 8.700.0.1004 2008.06.26 -VBA32 3.12.6.8 2008.06.26 -VirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.26 -Additional informationFile size: 23909 bytesMD5...: deffa6e2f219e01710fee2d3464e9157SHA1..: 04b5461c84adb36d6cea6ac8a21b7495dc562a49SHA256: ab9d9784a10172ac4f888519ba501571d7368ad73516b1ca499f4e80a7cdde5dSHA512: daff974be57caba6989895aa3efd4072b0cfbeac658e3babba8f91b17af1212883b4c2832e0d0db63e511f9bbcb635c07a2de972a626235d416c7763206df54fPEiD..: -PEInfo: - File dllhost.zip received on 06.26.2008 10:00:47 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)Loading server information...Your file is queued in position: ___.Estimated start time is between ___ and ___ .Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.6.26.0 2008.06.25 -AntiVir 7.8.0.59 2008.06.26 -Authentium 5.1.0.4 2008.06.25 -Avast 4.8.1195.0 2008.06.26 -AVG 7.5.0.516 2008.06.25 -BitDefender 7.2 2008.06.26 -CAT-QuickHeal 9.50 2008.06.25 -ClamAV 0.93.1 2008.06.25 -DrWeb 4.44.0.09170 2008.06.26 -eSafe 7.0.17.0 2008.06.25 -eTrust-Vet 31.6.5906 2008.06.26 -Ewido 4.0 2008.06.25 -F-Prot 4.4.4.56 2008.06.25 -F-Secure 7.60.13501.0 2008.06.24 -Fortinet 3.14.0.0 2008.06.26 -GData 2.0.7306.1023 2008.06.26 -Ikarus T3.1.1.26.0 2008.06.26 -Kaspersky 7.0.0.125 2008.06.26 -McAfee 5325 2008.06.25 -Microsoft 1.3704 2008.06.26 -NOD32v2 3219 2008.06.26 -Norman 5.80.02 2008.06.25 -Panda 9.0.0.4 2008.06.26 -Prevx1 V2 2008.06.26 -Rising 20.50.30.00 2008.06.26 -Sophos 4.30.0 2008.06.26 -Sunbelt 3.0.1153.1 2008.06.15 -Symantec 10 2008.06.26 -TheHacker 6.2.92.362 2008.06.26 -TrendMicro 8.700.0.1004 2008.06.26 -VBA32 3.12.6.8 2008.06.26 -VirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.26 -Additional informationFile size: 2599 bytesMD5...: 4ff27daa6b10b5fd8c6dc6b71bfb89d9SHA1..: df4534c6fc1e96abc0dc5f5af996bf2111e6e705SHA256: e82f5fa0c1d104f26377db427de61aa6674d9b73f2cee0331be12daf36b0a51dSHA512: f2ee76c01b128650cdfcd63f4235d3f6bcabaad95a8eb4363fd8a4fae5886e9135f37bc7bb35370a49aeb0c624561c8c6d3fe2607169507e76bb086f56bec8cdPEiD..: -PEInfo: - File kncqcksj.zip received on 06.26.2008 10:02:10 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 24/33 (72.73%)Loading server information...Your file is queued in position: 3.Estimated start time is between 46 and 66 seconds.Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.6.26.0 2008.06.25 -AntiVir 7.8.0.59 2008.06.26 ADSPY/Virtumonde.yop.1Authentium 5.1.0.4 2008.06.25 -Avast 4.8.1195.0 2008.06.26 -AVG 7.5.0.516 2008.06.25 Generic10.AQBCBitDefender 7.2 2008.06.26 Trojan.Vundo.EVOCAT-QuickHeal 9.50 2008.06.25 Trojan.Vundo.genClamAV 0.93.1 2008.06.25 -DrWeb 4.44.0.09170 2008.06.26 Trojan.Virtumod.based.16eSafe 7.0.17.0 2008.06.25 Suspicious FileeTrust-Vet 31.6.5906 2008.06.26 Win32/Vundo.ATVEwido 4.0 2008.06.25 -F-Prot 4.4.4.56 2008.06.25 -F-Secure 7.60.13501.0 2008.06.24 AdWare.Win32.Virtumonde.yopFortinet 3.14.0.0 2008.06.26 Adware/VirtumGData 2.0.7306.1023 2008.06.26 Trojan.Win32.Monder.yjIkarus T3.1.1.26.0 2008.06.26 Trojan.Win32.Vundo.MKaspersky 7.0.0.125 2008.06.26 Trojan.Win32.Monder.yjMcAfee 5325 2008.06.25 VundoMicrosoft 1.3704 2008.06.26 Trojan:Win32/Vundo.gen!MNOD32v2 3219 2008.06.26 Win32/Adware.VirtumondeNorman 5.80.02 2008.06.25 W32/Virtumonde.XLWPanda 9.0.0.4 2008.06.26 Spyware/VirtumondePrevx1 V2 2008.06.26 Malicious SoftwareRising 20.50.30.00 2008.06.26 -Sophos 4.30.0 2008.06.26 Troj/Virtum-GenSunbelt 3.0.1153.1 2008.06.15 -Symantec 10 2008.06.26 Trojan.MetajuanTheHacker 6.2.92.362 2008.06.26 Trojan/Monder.yjTrendMicro 8.700.0.1004 2008.06.26 TROJ_MONDER.AUVBA32 3.12.6.8 2008.06.26 Trojan.Win32.Monder.yjVirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.26 Ad-Spyware.Virtumonde.yop.1Additional informationFile size: 95649 bytesMD5...: 4787993daab54cc7ea70ae21bad6a441SHA1..: b18a39b332871af778be65ec9fb5ec913b01e224SHA256: 0d1e89edf12d3031d7a6d77999a50ddc503738e2757b69ae9482c6dc3864adefSHA512: cc965a3289eb2d097e7fa47706a7151340dbf833f469a5aef3581090b4930c25d6f28e20a239dedf0bfc157ad2a7aecf66a2ed87fc3599afed71a5453343231dPEiD..: -PEInfo: -Prevx info: http://info.prevx.com/aboutprogramtext.asp...CF7F100667E9C35 File tscupgrd.zip received on 06.26.2008 10:06:27 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)Loading server information...Your file is queued in position: 2.Estimated start time is between 42 and 60 seconds.Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.6.26.0 2008.06.25 -AntiVir 7.8.0.59 2008.06.26 -Authentium 5.1.0.4 2008.06.25 -Avast 4.8.1195.0 2008.06.26 -AVG 7.5.0.516 2008.06.25 -BitDefender 7.2 2008.06.26 -CAT-QuickHeal 9.50 2008.06.25 -ClamAV 0.93.1 2008.06.25 -DrWeb 4.44.0.09170 2008.06.26 -eSafe 7.0.17.0 2008.06.25 -eTrust-Vet 31.6.5907 2008.06.26 -Ewido 4.0 2008.06.25 -F-Prot 4.4.4.56 2008.06.25 -F-Secure 7.60.13501.0 2008.06.24 -Fortinet 3.14.0.0 2008.06.26 -GData 2.0.7306.1023 2008.06.26 -Ikarus T3.1.1.26.0 2008.06.26 -Kaspersky 7.0.0.125 2008.06.26 -McAfee 5325 2008.06.25 -Microsoft 1.3704 2008.06.26 -NOD32v2 3219 2008.06.26 -Norman 5.80.02 2008.06.25 -Panda 9.0.0.4 2008.06.26 -Prevx1 V2 2008.06.26 -Rising 20.50.30.00 2008.06.26 -Sophos 4.30.0 2008.06.26 -Sunbelt 3.0.1153.1 2008.06.15 -Symantec 10 2008.06.26 -TheHacker 6.2.92.362 2008.06.26 -TrendMicro 8.700.0.1004 2008.06.26 -VBA32 3.12.6.8 2008.06.26 -VirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.26 -Additional informationFile size: 22895 bytesMD5...: 6bea1f875023a083d7aaf81b84e02a04SHA1..: 5403ed5ab250936513bbe52d0268722b22a34bcaSHA256: 266b226d0cf0096d9817678b3d905995e9e586e2ad46e57da2e27a8129fc7290SHA512: 04d05238358f6784e52561dd15153212ce3fc18757419b3220fcc688f358269062d5666f93d948bfc28bd0176ad8ee21f15e9f9565fd58729413abf82c794c87PEiD..: -PEInfo: - Link to post Share on other sites More sharing options...
JeanInMontana Posted June 26, 2008 ID:21191 Share Posted June 26, 2008 Great work. Please update MBAM and run a quick scan post that log and a new HJT log. Link to post Share on other sites More sharing options...
peco Posted June 26, 2008 Author ID:21192 Share Posted June 26, 2008 Hi Jean,Logs enclosed,PecoMalwarebytes' Anti-Malware 1.18Database version: 89420:26:29 26/06/2008mbam-log-6-26-2008 (20-26-29).txtScan type: Quick ScanObjects scanned: 42648Time elapsed: 5 minute(s), 46 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:27:51, on 26/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Apoint\HidFind.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exeO23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exeO23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exeO23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exeO24 - Desktop Component 0: Privacy Protection - (no file)--End of file - 11749 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted June 27, 2008 ID:21248 Share Posted June 27, 2008 Hi Peco, I have asked this file to be removed with HJT several times. Is it getting checked and then fix checked? O24 - Desktop Component 0: Privacy Protection - (no file) Please upload this to Virus Total and to Malwarebytes C:\Program Files\Essentials Codec Pack\update.exe -silentLog is looking good but for that one and it can go either way. How are you running? You need to update your Java.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.Your Windows is also behind current Service Pack is 3.Post the Virus Total report, run HJT again and make sure that entry is checked and you click fix. Reboot and post me a new updated MBAM log, new HJT and the VT report please.Tell me how your running too. Link to post Share on other sites More sharing options...
peco Posted June 29, 2008 Author ID:21405 Share Posted June 29, 2008 Hi Jean,Following info in order of requests, and that 024 desktop component 0 on HJT is still there, it won't delete.Java update no problem, but am unable to install xp service pack 3 either through windows update or by direct download, i recieve message, access is denied, with an error code 0x80070005, and 0x80072F78. I have tried 7 times unsuccessfully.Only other problems are slow browsers.Regards,Peco File update.exe received on 06.28.2008 14:44:00 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)Loading server information...Your file is queued in position: ___.Estimated start time is between ___ and ___ .Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.6.27.1 2008.06.27 -AntiVir 7.8.0.59 2008.06.27 -Authentium 5.1.0.4 2008.06.27 -Avast 4.8.1195.0 2008.06.28 -AVG 7.5.0.516 2008.06.28 -BitDefender 7.2 2008.06.28 -CAT-QuickHeal 9.50 2008.06.28 -ClamAV 0.93.1 2008.06.28 -DrWeb 4.44.0.09170 2008.06.28 -eSafe 7.0.17.0 2008.06.26 -eTrust-Vet 31.6.5911 2008.06.27 -Ewido 4.0 2008.06.27 -F-Prot 4.4.4.56 2008.06.27 -F-Secure 7.60.13501.0 2008.06.26 -Fortinet 3.14.0.0 2008.06.28 -GData 2.0.7306.1023 2008.06.28 -Ikarus T3.1.1.26.0 2008.06.28 -Kaspersky 7.0.0.125 2008.06.28 -McAfee 5327 2008.06.27 -Microsoft 1.3704 2008.06.28 -NOD32v2 3224 2008.06.27 -Norman 5.80.02 2008.06.27 -Panda 9.0.0.4 2008.06.28 -Prevx1 V2 2008.06.28 -Rising 20.50.52.00 2008.06.28 -Sophos 4.30.0 2008.06.28 -Sunbelt 3.0.1176.1 2008.06.26 -Symantec 10 2008.06.28 -TheHacker 6.2.96.362 2008.06.27 -TrendMicro 8.700.0.1004 2008.06.27 -VBA32 3.12.6.8 2008.06.28 -VirusBuster 4.5.11.0 2008.06.23 -Webwasher-Gateway 6.6.2 2008.06.28 -Additional informationFile size: 303104 bytesMD5...: 441c75bc99638c9cb7a47ee79b17d2cfSHA1..: 49f34a9a83da427ea2afb859a219a9dd5d6f5c36SHA256: 1f3cd696868eec8efe5ae8bc1bca18180115f026934be232512b8e9ec8981545SHA512: 397cdf4cd31312c161d2e601f1c025e007be968b2ae479bbf777f8ae5feb4e977af814887603c752d92c35209d1924a5233a67a421ef5c8e2b33db1440338cd2PEiD..: Armadillo v1.71PEInfo: PE Structure information( base data )entrypointaddress.: 0x420781timedatestamp.....: 0x46191bf8 (Sun Apr 08 16:44:40 2007)machinetype.......: 0x14c (I386)( 6 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x2e32a 0x2f000 6.49 81d833c51095baeee78d368502464b2c.text1 0x30000 0x1f00 0x2000 5.03 9b161111b5a97144603ded079093e359.rdata 0x32000 0x61b8 0x7000 3.48 7e365c75fa2b09ae54c5630c2c79f199.data 0x39000 0x8850c 0x5000 2.34 d726c2238751b2e6685289fad9daddd7.data1 0xc2000 0x2b14 0x3000 3.25 2df66297d55f5fc604b3667b22f37364.rsrc 0xc5000 0x8108 0x9000 5.58 8a0fe3c47ee32959c238487b7298bf4b( 7 imports )> KERNEL32.dll: CreateMutexW, OpenMutexW, GetLocaleInfoW, SetEndOfFile, CreateFileA, LoadLibraryA, GetOEMCP, GetACP, ReadFile, SetStdHandle, IsBadCodePtr, HeapDestroy, GetStringTypeW, GetStringTypeA, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, lstrlenA, IsValidLocale, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, WideCharToMultiByte, DeleteFileW, GetTempPathW, lstrlenW, IsBadReadPtr, MultiByteToWideChar, Sleep, SuspendThread, ResumeThread, WaitForSingleObject, CreateThread, CreateProcessW, InitializeCriticalSection, DeleteCriticalSection, GetCurrentProcess, FlushInstructionCache, LeaveCriticalSection, EnterCriticalSection, UnhandledExceptionFilter, GetProcAddress, SetUnhandledExceptionFilter, SetFilePointer, WriteFile, FlushFileBuffers, CloseHandle, SetEnvironmentVariableA, HeapSize, TerminateProcess, HeapCreate, GetVersionExA, IsValidCodePage, GetCurrentThreadId, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, RtlUnwind, HeapReAlloc, HeapAlloc, HeapFree, GetTimeZoneInformation, GetSystemTime, GetLocalTime, RaiseException, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, LCMapStringA, LCMapStringW, GetCPInfo, CompareStringA, CompareStringW, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, GetLastError, VirtualFree, VirtualAlloc, IsBadWritePtr, GetModuleFileNameA, GetEnvironmentVariableA> USER32.dll: SendMessageW, PostQuitMessage, DestroyWindow, ShowWindow, SetWindowTextW, SetWindowLongW, GetDlgItem, SetTimer, LoadImageW, wsprintfW, GetWindow, FindWindowExW, PostMessageW, CreateDialogParamW, PeekMessageW, DispatchMessageW, TranslateMessage, GetMessageW, MessageBoxW, DrawIconEx, ScreenToClient, GetWindowRect, EndPaint, BeginPaint> GDI32.dll: GetObjectW, GetStockObject, DeleteObject, CreateFontIndirectW, DeleteDC> ADVAPI32.dll: RegCloseKey, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW> WININET.dll: HttpQueryInfoW, InternetCloseHandle, InternetOpenW, InternetOpenUrlW, InternetReadFile> SHLWAPI.dll: SHDeleteKeyW> COMCTL32.dll: -( 0 exports )ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. Malwarebytes' Anti-Malware 1.18Database version: 89713:53:47 28/06/2008mbam-log-6-28-2008 (13-53-47).txtScan type: Quick ScanObjects scanned: 1Time elapsed: 1 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Malwarebytes' Anti-Malware 1.19Database version: 904Windows 5.1.2600 Service Pack 221:30:15 29/06/2008mbam-log-6-29-2008 (21-30-14).txtScan type: Quick ScanObjects scanned: 42420Time elapsed: 13 minute(s), 22 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:36:20, on 29/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Apoint\HidFind.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exeO23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exeO23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exeO24 - Desktop Component 0: Privacy Protection - (no file)--End of file - 12331 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted June 30, 2008 ID:21492 Share Posted June 30, 2008 OK I think I have the solution for that pesky file.Right click your desktop and select properties .Click desktop tab , customize desktop button , web tab .Highlight the item(s) there and select delete . That should do itLet's get a new scan with MBAM, be sure to update it and a new HJT log.If you have your original install disk for XP get it out and have it handy. Now go here and follow the instructions. Even if you don't have the CD you can do the procedure. I've done it and it works. From what I find you have a damaged or missing file not allowing the update. Link to post Share on other sites More sharing options...
peco Posted June 30, 2008 Author ID:21516 Share Posted June 30, 2008 Hi Jean,Logs enclosed,I managed to install service pack 3 with the following fix, which may be of interest to you, and very easy it was too,PecoPS That 024 desktop entry is still there and did not deleteThe problem may be with the xp registry on your computer. I found the following fix that worked for me:1. Make a backup of your registry.2. Download and install subinacl.exe.3. Create a file called reset.cmd with Notepad. Copy the text below into the file reset.cmd and run reset.cmd with administrative rights (it may take a LONG time):cd /d "%ProgramFiles%\Windows Resource Kits\Tools"subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=fsubinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=fsubinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=fsubinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=fsubinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=fsecedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbosesubinacl.exe can be downloaded from microsoft.LOGS BELOWMalwarebytes' Anti-Malware 1.19Database version: 909Windows 5.1.2600 Service Pack 319:11:59 30/06/2008mbam-log-6-30-2008 (19-11-59).txtScan type: Quick ScanObjects scanned: 42205Time elapsed: 6 minute(s), 1 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:35:15, on 30/06/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\lxdicoms.exeC:\Program Files\Maxtor\Sync\SyncServices.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exeC:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Apoint\HidFind.exeC:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Shrink Pic\shrink_pic.exeC:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\BitTorrent\bittorrent.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dllO3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/WirelessO4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /sO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silentO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang enO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exeO4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Bluetooth Manager.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213797833234O17 - HKLM\System\CCS\Services\Tcpip\..\{25427772-B46B-4C8A-B700-015BBD4C945E}: NameServer = 62.42.230.24,62.42.65.52O17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLLO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exeO23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exeO23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exeO23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exeO24 - Desktop Component 0: Privacy Protection - (no file)--End of file - 12415 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted June 30, 2008 ID:21529 Share Posted June 30, 2008 Great news! Ok one last file that may or may not be bad. The returning empty entry is a bug we think, but to be sure, please upload this to Virus Total C:\WINDOWS\System32\GEARSec.exe and to us here at Malwarebytes. Link to post Share on other sites More sharing options...
peco Posted June 30, 2008 Author ID:21536 Share Posted June 30, 2008 Hi Jean,Info as requested,with regards to this file i found 2 entries on my hard drive, one being a zip file, and they both had identicle logs when scanned with mabsPeco File GEARSec.exe received on 06.30.2008 23:53:24 (CET)Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPEDResult: 0/33 (0%)Loading server information...Your file is queued in position: ___.Estimated start time is between ___ and ___ .Do not close the window until scan is complete.The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.If you are waiting for more than five minutes you have to resend your file.Your file is being scanned by VirusTotal in this moment,results will be shown as they're generated.Compact CompactPrint results Print resultsYour file has expired or does not exists.Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.Email: Antivirus Version Last Update ResultAhnLab-V3 2008.7.1.0 2008.06.30 -AntiVir 7.8.0.59 2008.06.30 -Authentium 5.1.0.4 2008.06.29 -Avast 4.8.1195.0 2008.06.30 -AVG 7.5.0.516 2008.06.30 -BitDefender 7.2 2008.06.30 -CAT-QuickHeal 9.50 2008.06.30 -ClamAV 0.93.1 2008.06.30 -DrWeb 4.44.0.09170 2008.06.30 -eSafe 7.0.17.0 2008.06.30 -eTrust-Vet 31.6.5914 2008.06.30 -Ewido 4.0 2008.06.27 -F-Prot 4.4.4.56 2008.06.29 -F-Secure 7.60.13501.0 2008.06.26 -Fortinet 3.14.0.0 2008.06.30 -GData 2.0.7306.1023 2008.06.30 -Ikarus T3.1.1.26.0 2008.06.30 -Kaspersky 7.0.0.125 2008.06.30 -McAfee 5328 2008.06.30 -Microsoft 1.3704 2008.06.30 -NOD32v2 3229 2008.06.30 -Norman 5.80.02 2008.06.30 -Panda 9.0.0.4 2008.06.30 -Prevx1 V2 2008.06.30 -Rising 20.51.02.00 2008.06.30 -Sophos 4.30.0 2008.06.30 -Sunbelt 3.1.1509.1 2008.06.30 -Symantec 10 2008.06.30 -TheHacker 6.2.96.364 2008.06.28 -TrendMicro 8.700.0.1004 2008.06.30 -VBA32 3.12.6.8 2008.06.30 -VirusBuster 4.5.11.0 2008.06.30 -Webwasher-Gateway 6.6.2 2008.06.30 -Additional informationFile size: 53248 bytesMD5...: b6e01969246fcb67470e87e6957ee147SHA1..: 641bebfaed63d17cafc2fd5c8a9012dd20f33c5bSHA256: f9d1ce5de004a5115298d69ee4c31eca18281348e034594a1bb8d49208e65223SHA512: cca88907042e27a4f219cde38450d3361402e6e2a1a1d638200dc5a6e50224e1b5d28cc35854d673cc3f8a9da320a52e829d579b4241f3ebae11e17cf88ec280PEiD..: -PEInfo: PE Structure information( base data )entrypointaddress.: 0x402af8timedatestamp.....: 0x3f93e777 (Mon Oct 20 13:47:35 2003)machinetype.......: 0x14c (I386)( 4 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x7a5d 0x8000 6.45 3b9266d18e6f511f8c6deca30510217b.rdata 0x9000 0x1b0c 0x2000 4.56 a26778552ae3530d3e4ed51c165ab15b.data 0xb000 0x1e28 0x1000 1.31 85d9d19c2ab6b5764f973640a81d04ab.rsrc 0xd000 0x338 0x1000 0.86 099471376da2cb1ce0a73b79c2d45ba1( 3 imports )> KERNEL32.dll: VirtualProtect, GetSystemInfo, CreateEventA, WaitForSingleObject, SetEvent, ExitProcess, GetVersionExA, CreateFileA, CloseHandle, GlobalAlloc, GlobalFree, GetLastError, GetModuleHandleA, GetCommandLineA, RtlUnwind, SetFilePointer, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, WriteFile, ReadFile, GetProcAddress, TerminateProcess, GetCurrentProcess, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, FlushFileBuffers, HeapAlloc, HeapReAlloc, HeapSize, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualQuery> USER32.dll: GetUserObjectSecurity> ADVAPI32.dll: IsValidSecurityDescriptor, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerA, SetServiceStatus, GetKernelObjectSecurity, SetKernelObjectSecurity, GetSecurityDescriptorOwner, LookupAccountSidA, GetSecurityDescriptorGroup, LookupAccountNameA, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, StartServiceA, CloseServiceHandle, CreateServiceA, OpenSCManagerA, DeleteService, ControlService, OpenServiceA, SetSecurityDescriptorDacl, AddAccessAllowedAce, GetAce, AddAce, InitializeAcl, GetAclInformation, GetLengthSid( 0 exports ) Malwarebytes' Anti-Malware 1.19Database version: 909Windows 5.1.2600 Service Pack 323:03:26 30/06/2008mbam-log-6-30-2008 (23-03-26).txtScan type: Quick ScanObjects scanned: 1Time elapsed: 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JeanInMontana Posted July 1, 2008 ID:21611 Share Posted July 1, 2008 I need you to upload the file here http://uploads.malwarebytes.org/ not scan with MBAM. Link to post Share on other sites More sharing options...
JeanInMontana Posted July 1, 2008 ID:21612 Share Posted July 1, 2008 Let's see if this tool finds anything peco.Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">SDFix.exe and save it to your desktop. Double click SDFix.exe and choose Install to extract it to itsown folder on the Desktop. Please then reboot your computer in SafeMode by doing the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, the Advanced Options Menu should appear; * Select the first option, to run Windows in Safe Mode, then press Enter. * Choose your usual account. * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. * Finally copy and paste the contents of the results file Report.txt with a new HijackThis logReboot your system in Normal Mode. Then post the SDFix log and a new HJT log please. Link to post Share on other sites More sharing options...
peco Posted July 1, 2008 Author ID:21630 Share Posted July 1, 2008 I need you to upload the file here http://uploads.malwarebytes.org/ not scan with MBAM.Hi Jean,Sorry about that, done now,Peco Link to post Share on other sites More sharing options...
peco Posted July 1, 2008 Author ID:21638 Share Posted July 1, 2008 Hi Jean,Logs enclosed,PecoSDFix: Version 1.199 Run by Administrator on 01/07/2008 at 22:22Microsoft Windows XP [Version 5.1.2600]Running From: C:\SDFix\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRebootingChecking Files : No Trojan Files FoundFolder C:\DOCUME~1\User\LOCALS~1\Temp\privacy_danger - RemovedRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-07-01 22:30:46Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0Remaining Services :Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer""C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime""C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox""C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer""C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express""C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe"="C:\\Program Files\\Lavasoft\\Ad-aware 6\\Ad-aware.exe:*:Enabled:Ad-aware 6""C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire""C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour""C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA""C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent""C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes""C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype""C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-beta-9704.upx.exe"="C:\\Documents and Settings\\User\\Desktop\\utorrent-1.8-beta-9704.upx.exe:*:Enabled: Link to post Share on other sites More sharing options...
JeanInMontana Posted July 1, 2008 ID:21648 Share Posted July 1, 2008 Well nothing really new there. Few things we can clean up but if your running good, eventually the line we can't get will go away is what I was told.O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)Go ahead and hit that 024 line again too. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Link to post Share on other sites More sharing options...
JeanInMontana Posted July 6, 2008 ID:21981 Share Posted July 6, 2008 Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Link to post Share on other sites More sharing options...
Recommended Posts