1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malware - blocking removal by malware antimalwarebytes

Discussion in 'Virus & Other Malware Removal' started by HCD, Nov 8, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

    Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:58, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
    C:\WINDOWS\system32\lxdjcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
    O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
    O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    MBAM log file

    Malwarebytes' Anti-Malware 1.30
    Database version: 1373
    Windows 5.1.2600 Service Pack 3

    08/11/2008 10:42:00
    mbam-log-2008-11-08 (10-41-43).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 258882
    Time elapsed: 1 hour(s), 19 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 20

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

    Registry Values Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\TDSSrhyp.dll (Trojan.TDSS) -> No action taken.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
    C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\wini10802.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> No action taken.
    C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSoiqn.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSoitt.log (Trojan.TDSS) -> No action taken.
    C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> No action taken.


    Regards

    HCD
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a new HijackThis log.
     
  3. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Many thanks Cybertech.

    Have done as requested

    b]SDFix: Version 1.240 [/b]
    Run by Shaun on 08/11/2008 at 16:48

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    tdssserv
    TDSSserv.sys

    Path :
    \systemroot\system32\drivers\TDSSmqlt.sys
    \systemroot\system32\drivers\TDSSpqxt.sys

    tdssserv - Deleted
    TDSSserv.sys - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\DOCUME~1\SHAUN\COOKIES\CEBOSI~1.SCR - Deleted
    C:\WINDOWS\ezyv._sy - Deleted
    C:\WINDOWS\fyzyryrygi._sy - Deleted
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys - Deleted
    C:\WINDOWS\system32\drivers\TDSSpqxt.sys - Deleted
    C:\WINDOWS\system32\TDSSorvd.dat - Deleted
    C:\WINDOWS\SYSTEM32\TDSSORVD.dat - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-08 17:03:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
    "C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
    "C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"="C:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe:*:Enabled:Avid Editor"
    "C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe"="C:\\Program Files\\Hasbro Interactive\\Clue\\Clue.exe:*:Enabled:Clue"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
    "E:\\Utils\\UpgradeWizard\\upgradeBTHH.exe"="E:\\Utils\\UpgradeWizard\\upgradeBTHH.exe:*:Enabled:BT Home Hub Upgrader"
    "C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
    "C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"="C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
    "C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"="C:\\Program Files\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:pnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:pnkBstrB"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\system32\\lxdjcoms.exe"="C:\\WINDOWS\\system32\\lxdjcoms.exe:*:Enabled:Lexmark Communications System"
    "C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"="C:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe:*:Enabled:Lexmark Device Monitor"
    "C:\\Program Files\\Lexmark 1400 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1400 Series\\App4R.exe:*:Enabled:printing Application"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe:*:Enabled: "
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe:*:Enabled:IreIke"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe:*:Enabled: "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe:*:Enabled: "
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe:*:Enabled: "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Lexmark 1400 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1400 Series\\App4R.exe:*:Enabled:printing Application"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe:*:Enabled:IreIke"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe"="C:\\Program Files\\Juniper\\NetScreen-Remote\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 14 Apr 2008 1,695,232 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL0003.tmp"
    Tue 2 Oct 2007 22,528 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL0019.tmp"
    Tue 2 Oct 2007 22,016 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL1109.tmp"
    Tue 2 Oct 2007 21,504 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL1406.tmp"
    Tue 2 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL1530.tmp"
    Tue 2 Oct 2007 21,504 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL1557.tmp"
    Sun 4 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL1947.tmp"
    Tue 2 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2372.tmp"
    Mon 5 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2436.tmp"
    Tue 2 Oct 2007 20,480 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2449.tmp"
    Tue 2 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2490.tmp"
    Tue 2 Oct 2007 22,528 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2669.tmp"
    Tue 2 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2698.tmp"
    Wed 27 Feb 2008 22,528 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL2854.tmp"
    Wed 27 Feb 2008 25,088 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL3477.tmp"
    Wed 27 Feb 2008 22,016 ...H. --- "C:\Documents and Settings\Seb.ELLIS\My Documents\~WRL3982.tmp"
    Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
    Tue 2 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0003.tmp"
    Tue 6 Feb 2007 19,968 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0004.tmp"
    Wed 27 Feb 2008 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0005.tmp"
    Tue 2 Oct 2007 20,480 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0389.tmp"
    Tue 2 Oct 2007 20,480 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0621.tmp"
    Sun 4 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL0642.tmp"
    Sun 15 Jun 2008 31,232 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL1111.tmp"
    Sun 4 Nov 2007 26,112 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL1255.tmp"
    Tue 2 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL1261.tmp"
    Tue 2 Oct 2007 19,968 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL1443.tmp"
    Sun 4 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL1524.tmp"
    Sun 15 Jun 2008 33,792 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL2118.tmp"
    Tue 2 Oct 2007 21,504 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL2463.tmp"
    Sun 4 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL2557.tmp"
    Sun 4 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL2871.tmp"
    Sun 4 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL3033.tmp"
    Sun 15 Jun 2008 32,256 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL3155.tmp"
    Sun 4 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL3702.tmp"
    Sun 15 Jun 2008 31,232 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL3741.tmp"
    Tue 2 Oct 2007 20,992 ...H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\Microsoft\Word\~WRL4015.tmp"
    Mon 1 Sep 2008 2,158 ...HR --- "C:\Documents and Settings\Seb.ELLIS\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Seb.ELLIS\Application Data\U3\temp\Launchpad Removal.exe"
    Thu 11 Oct 2007 27,648 ...H. --- "C:\Documents and Settings\Shaun\Application Data\Microsoft\Templates\~WRL3500.tmp"
    Wed 17 Oct 2007 180,736 ...H. --- "C:\Documents and Settings\Shaun\Application Data\Microsoft\Word\~WRL0005.tmp"
    Sun 12 Oct 2008 2,571 ...HR --- "C:\Documents and Settings\Shaun\Application Data\SecuROM\UserData\securom_v7_01.bak"
    Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\Shaun\Application Data\U3\temp\Launchpad Removal.exe"
    Sat 25 Sep 2004 19,456 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Beavers\~WRL2249.tmp"
    Sat 3 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Cheil\~WRL2019.tmp"
    Sat 26 Apr 2003 19,456 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Letters\~WRL2974.tmp"
    Fri 12 Jul 2002 19,456 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Ronnie - The Birdlar\~WRL1265.tmp"
    Tue 24 Sep 2002 3,464,704 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Ronnie - The Birdlar\~WRL2972.tmp"
    Sun 28 Oct 2001 96,256 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Sebastian\~WRL1557.tmp"
    Thu 3 Apr 2003 20,992 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\~WRL0004.tmp"
    Tue 8 Apr 2003 22,528 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\~WRL1885.tmp"
    Sat 25 Oct 2003 20,992 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\Applications\~WRL0004.tmp"
    Sat 25 Oct 2003 22,528 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\Applications\~WRL2373.tmp"
    Mon 22 Sep 2003 43,008 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\Company Research\~WRL0849.tmp"
    Fri 8 Aug 2003 217,600 A..H. --- "C:\Documents and Settings\Shaun\My Documents\Shaun Ellis\My Documents\Shaun CV\Company Research\~WRL3114.tmp"

    Finished!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:09:36, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
    C:\WINDOWS\system32\lxdjcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
    O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
    O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 9788 bytes
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Try Malwarebytes' again now and post that log. The HJT log is not clean.
     
  5. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Have done a full scan - comes up clean....

    Malwarebytes' Anti-Malware 1.30
    Database version: 1373
    Windows 5.1.2600 Service Pack 3

    08/11/2008 21:04:51
    mbam-log-2008-11-08 (21-04-51).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 249392
    Time elapsed: 1 hour(s), 11 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Is there anything else I can do? Manual removal?

    Thanks for your help thus far - much appreciated
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    4. In Additional Scans section put a check in BotCheck and Disabled MS Config Items and EventViewer Errors/Warnings
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  7. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    You were correct - big file....but no sign of any attachments section. Have done a full document search for "attachments". Any pointers? Have I done the right basic search on the scan?
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    At the bottom of my post, this one, click on the Reply button.
     

    Attached Files:

  9. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Have compressed file
     

    Attached Files:

  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.


    Code:
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - All]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> karna.datNTS -> 
    YN -> AND -> 
    YN -> S -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    [Files/Folders - Created Within 90 days]
    NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    [Files/Folders - Modified Within 90 days]
    NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
    

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
    Post that information back here with a new hijackthis log.
     
  11. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    [Registry - All]
    Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:karna.datNTS .
    Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:AND .
    Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:S .
    [Files/Folders - Created Within 90 days]
    [Files/Folders - Modified Within 90 days]
    C:\WINDOWS\8FB57159934C43429F18563216016EE9.TMP folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    [Empty Temp Folders]
    File delete failed. C:\Documents and Settings\Shaun\Local Settings\Temp\Perflib_Perfdata_74c.dat scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    RecycleBin -> emptied.
    Explorer started successfully
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 11082008_222250

    Files moved on Reboot...
    File C:\Documents and Settings\Shaun\Local Settings\Temp\Perflib_Perfdata_74c.dat not found!


    New HJT logLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:27:15, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
    C:\WINDOWS\system32\lxdjcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
    O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
    O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 9821 bytes
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O20 - AppInit_DLLs: karna.dat

    Close all applications and browser windows before you click "fix checked".


    Restart the machine and post a new hijackthis log
     
  13. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Completed as per above
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:46:02, on 08/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
    C:\WINDOWS\system32\lxdjcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Yahoo!\YOP\yop.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
    C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
    O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Shaun\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe
    O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 9853 bytes
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks good from here. Any problems on your end?
     
  15. HCD

    HCD Thread Starter

    Joined:
    Oct 29, 2007
    Messages:
    495
    Looks much better from here. IE is moving much quicker and pages are not being blocked. I would like to take this opportunity to thank you for your considerable time, clear expertise and outstanding support - I will make a contribution very shortly.

    Best wishes
    HCD
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/767100

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice