• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
globaltruth

Interesting spyware- "install character set"

10 posts in this topic

a message was popping up saying that I needed to install the Chinese character set. Looked like a genuine message from Microsoft (I run XP)

Whatever I then did (install, cancel or even ignore the window) at some point soon after an audio file gets played (but I can't see what player is being used to run it) which I think consists of extracts from a game. A character called Logan has been mentioned in this extract. I noticed that if I did try and install the character set as part of the install it tried to go to a site called www.adyieldx.com

I've been trying to get rid of this spyware - I have McAfee Virus Scan Enterprise edition v8 and Spyware Doctor v4 installed, neither of them could find anything on a full system scan. I then installed Spyware Detector in a further attempt to get rid of this - on initial scan this product did find a Trojan and something called Buckin' Bronc which I have quarantined. However the audio file is still being played at random intervals.

 

Can anyone suggest how I can track this down and remove it? I've looked on this site but can't find anything similar, and it's difficult to Google for this one.

 

Thanks in advance

 

Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

Edited by miekiemoes

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites
Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

 

here's the log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:48:29, on 28/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\basfipm.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SpywareDetector\SDService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\gsicon.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\CryptoEx\Common\CexTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CryptoEx\Common\EASServer.exe

C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SpywareDetector\SDSystemTray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Tracks Washer\trackswasher.exe

C:\Program Files\Internet Tracks Washer\washservice.exe

C:\Program Files\WinZip\WINZIP32.EXE

C:\DOCUME~1\IEVETT~1.LAP\LOCALS~1\Temp\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\program files\internet explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB

O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\btbb_wcm\McciTrayApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [systemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO

O4 - HKLM\..\Run: [sDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Alice Automatic Updates Agent.lnk = ?

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu1.html

O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu2.html

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1191310065750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155996710984

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\Software\..\Telephony: DomainName = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDFDFC-5C30-403D-9462-47C78E689A27}: NameServer = 192.168.0.101

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Tracks Washer Registry Service (WTWService) - Unknown owner - C:\Program Files\Internet Tracks Washer\washservice.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

 

--

End of file - 18416 bytes

Share this post


Link to post
Share on other sites

Bit more info:

  1. still happening despite trying various tools
  2. every time event happens, I get the "install character set" box
  3. followed by a random clip being played thru the speakers
  4. and my browser session gets knocked over

it would be really great if you could offer some advice.

 

here's a clip from my Spyware Detector log, I don't know if it is any help or not.

 

Trojan.Agent Registry Key hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7} Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"servicename" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\servicename\:diccionario de la real academia española Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"sourcedata" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\sourcedata\:sdict Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"description" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\description\:look up definitions quickly using the diccionario de la real academia española. Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"aboutpath" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\aboutpath\:http://www.rae.es Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"termsofuse" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\termsofuse\:diccionario de la real academia española. vigésima segunda edición revisada. © real academia española. Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"categoryid" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\categoryid\:0 Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"sortorder" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\sortorder\:0 Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"status" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\status\:enabled Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"display" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\display\:off Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"parental" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\parental\:unsupported Scan

Trojan.Agent Registry Value hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\"persistdata" Scan

Trojan.Agent Registry Data hkey_users\s-1-5-21-2203260644-4040971430-980345464-1006\software\microsoft\office\11.0\common\research\sources\{88686849-2dd9-474d-9300-778e3336fa5d}\{fdb3e101-5014-44be-aa64-bd0e5b55b3b7}\persistdata\:0

Share this post


Link to post
Share on other sites

Hi,

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

This tool will only report if it finds some Smitfraud infection.

 

Please download SmitfraudFix (by S!Ri)

Extract all the content (to a folder named SmitfraudFix) on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Wait for further instructions from me.

 

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Share this post


Link to post
Share on other sites
Hi,

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

This tool will only report if it finds some Smitfraud infection.

 

Please download SmitfraudFix (by S!Ri)

Extract all the content (to a folder named SmitfraudFix) on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Wait for further instructions from me.

 

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Hi Nasdaq,

 

here's the content of the report as requested, I ran it twice - spyware detector told me that it had detected backdoor.rustock while SmitFraudFix was running....

RUN 1

SmitFraudFix v2.274

 

Scan done at 15:04:16.40, 03/01/2008

Run from C:\ian\personal\downloads\smitfraudfix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\basfipm.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\SpywareDetector\SDService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\gsicon.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\CryptoEx\Common\CexTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CryptoEx\Common\EASServer.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SpywareDetector\SDSystemTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\a-squared Anti-Malware\a2wizard.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\WinZip\WINZIP32.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\CSCRIPT.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IEVETT~1.LAP\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL"

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

pe386 detected, use a Rootkit scanner

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport

DNS Server Search Order: 192.168.1.254

 

Description: Cisco Systems VPN Adapter - Packet Scheduler Miniport

DNS Server Search Order: 192.168.0.101

DNS Server Search Order: 192.168.0.101

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer=192.168.0.101,192.168.0.101

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

RUN 2

SmitFraudFix v2.274

 

Scan done at 15:12:36.26, 03/01/2008

Run from C:\ian\personal\downloads\smitfraudfix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\basfipm.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\SpywareDetector\SDService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\gsicon.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\CryptoEx\Common\CexTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\CryptoEx\Common\EASServer.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SpywareDetector\SDSystemTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\a-squared Anti-Malware\a2wizard.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\WinZip\WINZIP32.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\NOTEPAD.EXE

C:\WINDOWS\system32\CSCRIPT.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\IEVETT~1.LAP\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL"

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

xpdx detected, use a Rootkit scanner

pe386 detected, use a Rootkit scanner

lzx32 detected, use a Rootkit scanner

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Intel® PRO/Wireless 2915ABG Network Connection - Packet Scheduler Miniport

DNS Server Search Order: 192.168.1.254

 

Description: Cisco Systems VPN Adapter - Packet Scheduler Miniport

DNS Server Search Order: 192.168.0.101

DNS Server Search Order: 192.168.0.101

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer=192.168.0.101,192.168.0.101

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Hope this helps.

Share this post


Link to post
Share on other sites

Hello,

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Nothing suspicious was found on your log.

 

Download Combofix to your desktop. Important.

 

1 - Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new hijackthis log.

 

Let me know what problem presists.

 

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

 

p.s.

When replying to your topic, please use the t_reply.gif button.

Share this post


Link to post
Share on other sites

Here's the log from Combofix

ComboFix 08-01-04.1 - ievetts 2008-01-04 9:50:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT 0:00]

Running from: C:\ian\personal\downloads\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))

.

 

2008-01-04 09:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 15:04 . 2008-01-03 15:12 5,454 --a------ C:\WINDOWS\SYSTEM32\tmp.reg

2008-01-03 15:03 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe

2008-01-03 15:03 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe

2008-01-03 15:03 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe

2008-01-03 15:03 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe

2008-01-03 15:03 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe

2008-01-03 15:03 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe

2008-01-03 13:41 . 2008-01-04 09:29 <DIR> d-------- C:\Program Files\a-squared Anti-Malware

2007-12-22 16:35 . 2007-12-22 16:35 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-22 11:47 . 2007-12-22 11:47 164 --a------ C:\install.dat

2007-12-17 08:51 . 2007-12-17 08:51 <DIR> d-------- C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\Talkback

2007-12-15 10:09 . 2008-01-03 13:13 38,896 --a------ C:\WINDOWS\SYSTEM32\SDRemoveDB.db

2007-12-15 10:05 . 2008-01-03 07:47 123 --a------ C:\WINDOWS\SYSTEM\SysSD.dll

2007-12-15 10:04 . 2007-12-08 18:30 11,728 --a------ C:\WINDOWS\SYSTEM32\SDEarlyDelete.exe

2007-12-15 10:03 . 2008-01-04 09:25 <DIR> d-------- C:\Program Files\SpywareDetector

2007-12-15 10:03 . 2007-03-19 12:39 270,336 --a------ C:\WINDOWS\SYSTEM32\CheckDll.dll

2007-12-15 10:03 . 2007-12-10 18:57 67,024 --a------ C:\WINDOWS\SYSTEM32\CloseAll.exe

2007-12-15 10:03 . 2005-02-06 09:02 104 --a------ C:\WINDOWS\SYSTEM32\ProxySettings.ini

2007-12-15 09:55 . 2007-12-15 09:55 0 --a------ C:\WINDOWS\SYSTEM32\SET28.tmp

2007-12-06 17:51 . 2007-12-06 17:51 <DIR> d-------- C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\Capita

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-04 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki

2008-01-04 09:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-03 07:46 --------- d-----w C:\Program Files\Spyware Doctor

2008-01-02 15:46 --------- d-----w C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\ZoomBrowser EX

2007-12-07 16:06 --------- d-----w C:\Documents and Settings\ievetts.LAPTOPD9PDXJ1J\Application Data\AdobeUM

2007-11-30 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2007-11-27 16:05 --------- d-----w C:\Program Files\iTunes

2007-11-27 16:05 --------- d-----w C:\Program Files\iPod

2007-11-27 16:01 --------- d-----w C:\Program Files\QuickTime

2006-02-19 03:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

2005-06-23 07:36 17,408 ----a-w C:\Documents and Settings\ievetts\c_cat.exe

2004-08-09 23:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2004-04-02 09:49 39,424 ------w C:\WINDOWS\INF\GC75.sys

2006-03-26 12:46 8 --sh--r C:\WINDOWS\SYSTEM32\C19C6518BF.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 09:01 2115728]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 08:23 68856]

"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-05-16 13:58 1040832]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 11:33 155648]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 15:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 15:27 126976]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01 110592]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]

"GSICONEXE"="gsicon.exe" [2003-03-20 05:36 90112 C:\WINDOWS\SYSTEM32\gsicon.exe]

"DSLAGENTEXE"="dslagent.exe" [2003-03-20 05:36 16384 C:\WINDOWS\SYSTEM32\dslagent.exe]

"CryptoExTrayV3"="C:\Program Files\CryptoEx\Common\CexTray.exe" [2004-09-13 10:37 909312]

"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]

"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 13:03 57344]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 08:35 180269]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 08:51 172032]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 19:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50 139320]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48 147514]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"Motive SmartBridge"="C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 18:52 462935]

"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22 543232]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-16 07:09 1836544]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-12-24 17:39 706000]

"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-12-24 17:28 419280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-12 09:01 2115728]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Alice Automatic Updates Agent.lnk - C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe [2006-09-14 11:46:31]

Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-23 14:56:35]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-09 23:33:07]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-01 17:02:22]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoToolbarCustomize"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CexTrayWinLogon]

C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll 2004-09-01 13:43 57344 C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]

C:\Program Files\SpywareDetector\SDNotify.dll 2007-12-06 11:41 167936 C:\Program Files\SpywareDetector\SDNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-746137067-682003330-1110\Scripts\Logoff\0\0]

"Script"=no printers.vbs

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-57989841-746137067-682003330-1110\Scripts\Logon\0\0]

"Script"=printers.vbs

 

R0 IFP900;iriver Internet Audio Player IFP-900;C:\WINDOWS\system32\drivers\IFP900.sys [2004-03-29 16:28]

R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-06-23 06:21]

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 16:26]

R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-06-10 05:55]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]

S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 16:54]

S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 16:54]

S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 14:45]

S3 SEWModem;Sony Ericsson GC75 Wireless Modem;C:\WINDOWS\system32\DRIVERS\GC75.sys [2004-04-02 09:49]

S3 USBDFU;USBDFU;C:\WINDOWS\system32\drivers\usbdfu.sys [2003-07-21 11:02]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1160c428-44cc-11dc-9681-00059a3c7800}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c860177-e8cd-11db-95ff-000e35e5ff13}]

\Shell\AutoRun\command - E:\LaunchU3.exe

 

*Newly Created Service* - ENTDRV51

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-09-26 13:46:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-04 09:57:25

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-04 9:58:39

 

and here's the new hijackthis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:01:04, on 04/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\basfipm.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Kontiki\KService.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\SpywareDetector\SDService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\gsicon.exe

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\CryptoEx\Common\CexTray.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\CryptoEx\Common\EASServer.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\btbb_wcm\McciTrayApp.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Kontiki\KHost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\T-Mobile\Communication Center\AutoUpdateSrv.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

C:\program files\internet explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\WinZip\WINZIP32.EXE

C:\DOCUME~1\IEVETT~1.LAP\LOCALS~1\Temp\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe

O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB

O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\btbb_wcm\McciTrayApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [systemTraySD] "C:\Program Files\SpywareDetector\SDSystemTray.exe" -AUTO

O4 - HKLM\..\Run: [sDAutoLiveupdate] "C:\Program Files\SpywareDetector\LiveUpdateSD.exe" -AUTO

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Alice Automatic Updates Agent.lnk = ?

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu1.html

O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.19--1827208667.dll/gn_menu2.html

O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digital.WebS....Downloader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1191310065750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155996710984

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\Software\..\Telephony: DomainName = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: Domain = hq.oakleigh.co.uk

O17 - HKLM\System\CCS\Services\Tcpip\..\{2DEEF000-CB67-41A5-A103-D079A7C6790F}: NameServer = 192.168.0.101,192.168.0.101

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS1\Services\Tcpip\..\{31CDFDFC-5C30-403D-9462-47C78E689A27}: NameServer = 192.168.0.101

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = iStratHQ.iStrat.co.uk

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = hq.oakleigh.co.uk

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.oakleigh.co.uk

O18 - Protocol: t-mobile - {C6D89159-3467-4C2F-9918-3362DA57BCD2} - C:\PROGRA~1\T-Mobile\HOTSPO~1\TMOBIL~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Wireless Adapter Configurator - Unknown owner - C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Windows Tracks Washer Registry Service (WTWService) - Unknown owner - C:\Program Files\Internet Tracks Washer\washservice.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

 

--

End of file - 18224 bytes

 

so far today there has been no problem.

Share this post


Link to post
Share on other sites

have gone the whole day without either the pop up box saying "install special character set" or the random audio snatches.

 

May be too soon to say the problem is clear - but it's looking good.

 

I would really like to know what the problem was, but guess you are all probably too busy fighting the good fight to spend time on post-mortems.

 

Thank you very much for your patience and help so far.

 

Best regards.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0