Interesting spyware- "install character set"


  • This topic is locked
9 replies to this topic

#1 globaltruth

    Member

  • Full Member
  • 6 posts

Posted 22 December 2007 - 11:12 AM

A message was popping up saying that I needed to install the Chinese character set. It looked like a genuine message from Microsoft (I run XP).
Whatever I then did (install, cancel or even ignore the window), at some point soon after an audio file gets played (but I can't see what player is being used to run it), which I think consists of extracts from a game. A character called Logan has been mentioned in this extract. I noticed that if I did try and install the character set, as part of the install it tried to go to a site called www.adyieldx.com.
I've been trying to get rid of this spyware. I have McAfee Virus Scan Enterprise edition v8 and Spyware Doctor v4 installed; neither of them could find anything on a full system scan. I then installed Spyware Detector in a further attempt to get rid of this; on the initial scan this product did find a Trojan and something called Buckin' Bronc, which I have quarantined. However, the audio file is still being played at random intervals.

Can anyone suggest how I can track this down and remove it? I've looked on this site but can't find anything similar, and it's difficult to Google for this one.

Thanks in advance

Please read our Forum FAQ in order to find out what info we need (HijackThis log) so we can help you.

Edited by miekiemoes, 22 December 2007 - 11:40 AM.


#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,521 posts

Posted 25 December 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 globaltruth

    Member

  • Full Member
  • 6 posts

Posted 28 December 2007 - 10:58 AM

Please read our Forum FAQ in order to find out what info we need (HijackThis log) so we can help you.


Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:29, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Tracks Washer\trackswasher.exe
C:\Program Files\Internet Tracks Washer\washservice.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\DOCUME~1\IEVETT~1.LAP\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\program files\internet explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice Automatic Updates Agent.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu2.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1191310065750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155996710984
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDFDFC-5C30-403D-9462-47C78E689A27}: NameServer = 192.168.0.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Tracks Washer Registry Service (WTWService) - Unknown owner - C:\Program Files\Internet Tracks Washer\washservice.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 18416 bytes
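A small log-triage script, added here as an illustration (it is not part of the thread, nor HijackThis's own code): it parses the section-coded items of a HijackThis log, using a dozen lines copied from the log above as constructed sample input, and flags the kinds of entries a helper reads first (repeated unrecognised Winsock LSP modules, autoruns without an absolute path, a non-empty AppInit_DLLs value, services with no publisher). The flag rules are heuristics chosen for this example, not HijackThis's verdicts.

```python
import re
from collections import Counter

# Constructed sample: twelve item lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Every HijackThis item reads "<section code> - <body>"; the header and the
# running-process list at the top of a log do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_hjt(text):
    """Return the log's items as (code, body) tuples in file order."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group("code"), m.group("body")))
    return items


def section_counts(items):
    """Number of items per section code, e.g. {'O4': 4, 'O10': 3, ...}."""
    return dict(Counter(code for code, _ in items))


def autorun_path(body):
    """Executable path of an O4 Run item ('[Name] "path" args'); None for items without [Name]."""
    m = re.match(r".*\[[^\]]*\]\s*(?P<rest>.*)$", body)
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest.split()[0] if rest else ""


def triage(items):
    """(code, reason, body) triples for the items a log reviewer would look at first.

    The rules are heuristics chosen for this example, not HijackThis's own verdicts.
    """
    findings = []
    # O10: one unrecognised LSP module listed several times means several Winsock
    # catalog entries point at it; the reviewer should identify the DLL's publisher.
    for body, n in Counter(b for c, b in items if c == "O10").items():
        if body.startswith("Unknown file"):
            findings.append(("O10", f"unrecognised Winsock LSP module, {n} catalog entries", body))
    for code, body in items:
        if code == "O4":
            # A bare file name is resolved through the search path at logon, so the
            # log alone does not tell the reviewer which binary actually runs.
            path = autorun_path(body)
            if path is not None and not ABS_PATH.match(path):
                findings.append((code, "autorun without an absolute path", body))
        elif code == "O6":
            findings.append((code, "IE restriction policy present, confirm it was set on purpose", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append((code, "AppInit_DLLs loads this DLL into every process that maps user32.dll", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with no publisher string, verify the binary on disk", body))
    return findings


if __name__ == "__main__":
    items = parse_hjt(SAMPLE_LOG)
    print("items per section:", section_counts(items))
    for code, reason, body in triage(items):
        print(f"{code}: {reason}\n    {body}")
```

Feed it a full log instead of SAMPLE_LOG and the R/O2/O3 items are still counted per section; judging those (home pages, BHOs, toolbars) needs a reference list, which this example deliberately leaves out.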

#4 globaltruth

    Member

  • Full Member
  • 6 posts

Posted 03 January 2008 - 08:13 AM

Bit more info:
  • still happening despite trying various tools
  • every time the event happens, I get the "install character set" box
  • followed by a random clip being played through the speakers
  • and my browser session gets knocked over
It would be really great if you could offer some advice.

Here's a clip from my Spyware Detector log; I don't know if it is any help or not.

Trojan.Agent Registry Key hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7} Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"servicename" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\servicename\:diccionario de la real academia española Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"sourcedata" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\sourcedata\:sdict Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"description" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\description\:look up definitions quickly using the diccionario de la real academia española. Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"aboutpath" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\aboutpath\:http://www.rae.es Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"termsofuse" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\termsofuse\:diccionario de la real academia española. vigésima segunda edición revisada. © real academia española. Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"categoryid" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\categoryid\:0 Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"sortorder" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\sortorder\:0 Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"status" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\status\:enabled Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"display" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\display\:off Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"parental" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\parental\:unsupported Scan
Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"persistdata" Scan
Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\persistdata\:0

#5 nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 03 January 2008 - 08:55 AM

Hi,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

This tool will only report if it finds some Smitfraud infection.

Please download SmitfraudFix (by S!Ri)
Extract all the content (to a folder named SmitfraudFix) on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Wait for further instructions from me.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 globaltruth

    Member

  • Full Member
  • 6 posts

Posted 03 January 2008 - 10:18 AM

Hi Nasdaq,

Here's the content of the report as requested. I ran it twice; Spyware Detector told me that it had detected backdoor.rustock while SmitFraudFix was running....
RUN 1
SmitFraudFix v2.274

Scan done at 15:04:16.40, 03/01/2008
Run from C:\ian\personal\downloads\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Anti-Malware\a2wizard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IEVETT~1.LAP\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

pe386 detected, use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Cisco Systems VPN Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.101
DNS Server Search Order: 192.168.0.101

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer=192.168.0.101,192.168.0.101


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

RUN 2
SmitFraudFix v2.274

Scan done at 15:12:36.26, 03/01/2008
Run from C:\ian\personal\downloads\smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\a-squared Anti-Malware\a2wizard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\CSCRIPT.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IEVETT~1.LAP\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

xpdx detected, use a Rootkit scanner
pe386 detected, use a Rootkit scanner
lzx32 detected, use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Cisco Systems VPN Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.101
DNS Server Search Order: 192.168.0.101

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer=192.168.0.101,192.168.0.101


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hope this helps.
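The two SmitFraudFix runs above report three device names in the Rustock section, a non-empty AppInit_DLLs value and the adapter DNS settings. The script below is an added example written for this page, not part of the thread and not SmitFraudFix's own code: it parses the report's »»» section headers and turns those indicators into ranked findings so the log can be triaged consistently rather than read by eye. The sample log it runs on is a constructed excerpt in the same format as the posted reports; the rule names, severities and the RFC 1918 check on resolvers are this example's own choices.

```python
"""Added triage helper: parse the »»» sections of a SmitFraudFix report and
flag the persistence / hijack indicators a responder checks first."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^»{3,}\s*(.+?)\s*$")              # »»»» Section name
DETECTED_RE = re.compile(r"^(\S+) detected", re.IGNORECASE)  # "pe386 detected, ..."
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:(\w+)|"(.*)")\s*$')
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "info" | "medium" | "high"
    detail: str


def parse_sections(log: str) -> dict[str, list[str]]:
    """Group non-empty lines under the »»» header that precedes them,
    dropping SmitFraudFix's '!!!Attention ...' disclaimer lines."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current and line and not line.startswith("!!!"):
            sections[current].append(line)
    return sections


def reg_values(lines: list[str]):
    """Yield (name, value) from REGEDIT-style '"name"="value"' or dword lines;
    doubled backslashes in exported string values are collapsed to one."""
    for line in lines:
        m = REG_VALUE_RE.match(line)
        if m:
            name, dword, string = m.groups()
            yield name, dword if dword is not None else string.replace("\\\\", "\\")


def triage(log: str) -> list[Finding]:
    s = parse_sections(log)
    out: list[Finding] = []

    # Rustock: SmitFraudFix names device objects used by the Rustock family.
    # It is a heuristic, so the verdict needs a kernel-mode rootkit scanner.
    for line in s.get("Rustock", []):
        m = DETECTED_RE.match(line)
        if m:
            out.append(Finding("rustock", "high", f"{m.group(1)}: confirm with a rootkit scanner"))

    # AppInit_DLLs: loaded into every process that loads user32.dll, a classic
    # injection point. 8.3 short names (~) hide the real file name; resolve first.
    for name, value in reg_values(s.get("AppInit_DLLs", [])):
        if name == "AppInit_DLLs" and value:
            for dll in re.split(r"[ ,;]+", value):
                note = " (8.3 short name, resolve before judging)" if "~" in dll else ""
                out.append(Finding("appinit", "medium", dll + note))

    # Winlogon "system": anything here runs as SYSTEM at logon; should be empty.
    for name, value in reg_values(s.get("Winlogon.System", [])):
        if name.lower() == "system" and value:
            out.append(Finding("winlogon_system", "high", value))

    # hosts: only non-default entries are listed, so any line is of interest.
    for line in s.get("hosts", []):
        out.append(Finding("hosts", "medium", line))

    # DNS: a resolver outside RFC 1918 space on a home/VPN adapter deserves a
    # second look (DNS-changer behaviour); private addresses are noted as info.
    seen: set[str] = set()
    for line in s.get("DNS", []):
        for ip in IP_RE.findall(line):
            if ip in seen:
                continue
            seen.add(ip)
            private = ipaddress.ip_address(ip).is_private
            label = "private" if private else "public, confirm it is your ISP/corporate resolver"
            out.append(Finding("dns", "info" if private else "medium", f"{ip} ({label})"))
    return out


# Constructed sample in the report format above (an excerpt, not the full log).
SAMPLE_LOG = r"""
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock
xpdx detected, use a Rootkit scanner
pe386 detected, use a Rootkit scanner
lzx32 detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer=192.168.0.101,192.168.0.101
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:16} {f.detail}")
```

Run as-is it prints the three Rustock names as high, the Google 8.3-named AppInit DLL as medium with a reminder to resolve the short name, and the two private resolvers as info; the empty hosts and Winlogon sections produce nothing. The Rustock rule is deliberately only a pointer to a kernel-mode scanner, which matches the report's own wording: SmitFraudFix's device-name check is a heuristic, and the next step in the thread (catchme/ComboFix) is what actually confirms or clears it.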

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 03 January 2008 - 02:09 PM

Hello,

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Nothing suspicious was found on your log.

Download Combofix to your desktop. Important.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link http://www.bleepingc...opic114351.html to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthis log.

Let me know what problem persists.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

p.s.
When replying to your topic, please use the Posted Image button.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 globaltruth

globaltruth

    Member

  • Full Member
  • 6 posts

Posted 04 January 2008 - 05:07 AM

Here's the log from Combofix
ComboFix 08-01-04.1 - ievetts 2008-01-04 9:50:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT 0:00]
Running from: C:\ian\personal\downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-04 09:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 15:04 . 2008-01-03 15:12 5,454 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-01-03 15:03 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-01-03 15:03 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-01-03 15:03 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-01-03 15:03 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-01-03 15:03 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-01-03 15:03 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-01-03 13:41 . 2008-01-04 09:29 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-22 16:35 . 2007-12-22 16:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-22 11:47 . 2007-12-22 11:47 164 --a------ C:\install.dat
2007-12-17 08:51 . 2007-12-17 08:51 <DIR> d-------- C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\Talkback
2007-12-15 10:09 . 2008-01-03 13:13 38,896 --a------ C:\WINDOWS\SYSTEM32\SDRemoveDB.db
2007-12-15 10:05 . 2008-01-03 07:47 123 --a------ C:\WINDOWS\SYSTEM\SysSD.dll
2007-12-15 10:04 . 2007-12-08 18:30 11,728 --a------ C:\WINDOWS\SYSTEM32\SDEarlyDelete.exe
2007-12-15 10:03 . 2008-01-04 09:25 <DIR> d-------- C:\Program Files\SpywareDetector
2007-12-15 10:03 . 2007-03-19 12:39 270,336 --a------ C:\WINDOWS\SYSTEM32\CheckDll.dll
2007-12-15 10:03 . 2007-12-10 18:57 67,024 --a------ C:\WINDOWS\SYSTEM32\CloseAll.exe
2007-12-15 10:03 . 2005-02-06 09:02 104 --a------ C:\WINDOWS\SYSTEM32\ProxySettings.ini
2007-12-15 09:55 . 2007-12-15 09:55 0 --a------ C:\WINDOWS\SYSTEM32\SET28.tmp
2007-12-06 17:51 . 2007-12-06 17:51 <DIR> d-------- C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\Capita

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-01-04 09:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 07:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 15:46 --------- d-----w C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\ZoomBrowser EX
2007-12-07 16:06 --------- d-----w C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\AdobeUM
2007-11-30 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-11-27 16:05 --------- d-----w C:\Program Files\iTunes
2007-11-27 16:05 --------- d-----w C:\Program Files\iPod
2007-11-27 16:01 --------- d-----w C:\Program Files\QuickTime
2006-02-19 03:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-06-23 07:36 17,408 ----a-w C:\Documents and Settings\ievetts\c_cat.exe
2004-08-09 23:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-04-02 09:49 39,424 ------w C:\WINDOWS\INF\GC75.sys
2006-03-26 12:46 8 --sh--r C:\WINDOWS\SYSTEM32\C19C6518BF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 09:01 2115728]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 08:23 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-05-16 13:58 1040832]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 15:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 15:27 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"GSICONEXE"="gsicon.exe" [2003-03-20 05:36 90112 C:\WINDOWS\SYSTEM32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2003-03-20 05:36 16384 C:\WINDOWS\SYSTEM32\dslagent.exe]
"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2004-09-13 10:37 909312]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 13:03 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 08:35 180269]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 08:51 172032]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48 147514]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Motive SmartBridge"="C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 18:52 462935]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22 543232]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-16 07:09 1836544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-12-24 17:39 706000]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-12-24 17:28 419280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 09:01 2115728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Alice Automatic Updates Agent.lnk - C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2006-09-14 11:46:31]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-23 14:56:35]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-09 23:33:07]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 17:02:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2004-09-01 13:43 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2007-12-06 11:41 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-746137067-682003330-1110\Scripts\Logoff\0\0]
"Script"=no printers.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-746137067-682003330-1110\Scripts\Logon\0\0]
"Script"=printers.vbs

R0 IFP900;iriver Internet Audio Player IFP-900;C:\WINDOWS\system32\drivers\IFP900.sys [2004-03-29 16:28]
R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-06-23 06:21]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 16:26]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-06-10 05:55]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 16:54]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 16:54]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 14:45]
S3 SEWModem;Sony Ericsson GC75 Wireless Modem;C:\WINDOWS\system32\DRIVERS\GC75.sys [2004-04-02 09:49]
S3 USBDFU;USBDFU;C:\WINDOWS\system32\drivers\usbdfu.sys [2003-07-21 11:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1160c428-44cc-11dc-9681-00059a3c7800}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c860177-e8cd-11db-95ff-000e35e5ff13}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - ENTDRV51
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 13:46:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 09:57:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 9:58:39

and here's the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:04, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\CryptoEx\Common\CexTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\CryptoEx\Common\EASServer.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinZip\WINZIP32.EXE
C:\DOCUME~1\IEVETT~1.LAP\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice Automatic Updates Agent.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu2.html
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1191310065750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155996710984
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photob...ploader_uni.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: Domain = hq.oakleigh.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer = 192.168.0.101,192.168.0.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDFDFC-5C30-403D-9462-47C78E689A27}: NameServer = 192.168.0.101
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = hq.oakleigh.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.oakleigh.co.uk
O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Tracks Washer Registry Service (WTWService) - Unknown owner - C:\Program Files\Internet Tracks Washer\washservice.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 18224 bytes

So far today there has been no problem.
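As an added example (not code from HijackThis, and not posted by anyone in this thread), here is a small Python script that parses the log format shown above and flags the entry types a helper looks at first: O4 run entries that name a bare executable instead of a full path, the repeated O10 unknown-LSP line, O17 DNS overrides, O20 AppInit_DLLs and O23 services with no publisher. The sample lines are copied from the log above; the rule names and what they flag are my own assumptions, not HijackThis behaviour.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer = 192.168.0.101,192.168.0.101
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                 # "O4 - <body>"
O4_CMD_RE = re.compile(r'\[[^\]]*\]\s*("([^"]*)"|(\S+))')  # [Name] "cmd" | cmd

def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; other lines are ignored."""
    matches = [ENTRY_RE.match(line.strip()) for line in text.splitlines()]
    return [(m.group(1), m.group(2)) for m in matches if m]

def o4_command(body):
    """Executable named by an O4 body, with surrounding quotes and arguments removed."""
    m = O4_CMD_RE.search(body)
    return (m.group(2) or m.group(3)) if m else None

def triage(text):
    """Apply the checks a helper applies by hand (assumed rules); returns (section, reason, detail)."""
    findings, seen = [], set()
    for section, body in parse_hjt(text):
        if (section, body) in seen:   # the log repeats the O10 line once per LSP chain slot
            continue
        seen.add((section, body))
        if section == "O4":
            cmd = o4_command(body)
            if cmd and not re.match(r"^[A-Za-z]:\\", cmd):   # bare name: resolved through PATH
                findings.append((section, "run entry without a full path", cmd))
        elif section == "O10":
            findings.append((section, "unknown Winsock LSP", body.split(": ", 1)[1]))
        elif section == "O17" and "NameServer" in body:
            findings.append((section, "explicit DNS server to verify", body.split("= ", 1)[1]))
        elif section == "O20":
            findings.append((section, "DLL loaded into every process", body.split(": ", 1)[1]))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no publisher", body.rsplit(" - ", 1)[1]))
    return findings
```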

#9 globaltruth

    Member

  • Full Member
  • 6 posts

Posted 04 January 2008 - 12:07 PM

Have gone the whole day without either the pop up box saying "install special character set" or the random audio snatches.

May be too soon to say the problem is clear - but it's looking good.

I would really like to know what the problem was, but guess you are all probably too busy fighting the good fight to spend time on post-mortems.

Thank you very much for your patience and help so far.

Best regards.

#10 nasdaq

    Forum Deity

  • Global Moderator
  • 49,081 posts

Posted 14 January 2008 - 09:03 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
