0

I can sign into my messenger, but the icon goes down into my tool bar, and when I put my cursor over it, the icon totally disappears and signs me out! I’ve followed the instructions in the link http://messenger-support.spaces.live.com/blog/cns!8B3F39C76A8B853F!15940.entry, it worked for a few hours but the problem started again.I’ve also changed the password for the Windows Live ID I am having problems with, but the problem has not been solved. I had the same problem before and it was solved after running the "Malwarebytes' Anti-Malware" and the "ESET Online Scanner". I ran both programs this time, no virus / threats have been found but the problem has not been solved. Can someone please assist?

My latest "Hijack this" and "Malwarebytes' Anti-Malware logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:24:51, on 28/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1284969106&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.4\bh\BabylonToolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [epm-dm] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarsrv.exe" /md I
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://niraikanai.miemasu.net/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://uema.ath.cx:81/cgi-bin/kxhcm10.ocx
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://220.157.155.55:8081/activex/AxisCamControl.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.praiabarra.com.br/h263ctrl.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://88.247.210.37/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://secure.imperial.nhs.uk/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} (SodaAgt Class) - https://secure.imperial.nhs.uk/dana-na/auth/url_default/On-DemandAgent/SodaAgent.CAB
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 16852 bytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4305

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/09/2010 19:01:07
mbam-log-2010-09-28 (19-01-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 269449
Time elapsed: 48 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4
Contributors
40
Replies
41
Views
6 Years
Discussion Span
Last Post by APSoares
0

I have the same problem. I have uninstalled and reinstalled Live Messenger. Tried deleting the MSN Messenger appdata. Tried uninstalling IE8. Ran CCleaner, now trying MalwareBytes. Any other suggestions?

0

I can sign into my messenger, but the icon goes down into my tool bar, and when I put my cursor over it, the icon totally disappears and signs me out! I’ve followed the instructions in the link http://messenger-support.spaces.live.com/blog/cns!8B3F39C76A8B853F!15940.entry, it worked for a few hours but the problem started again.I’ve also changed the password for the Windows Live ID I am having problems with, but the problem has not been solved. I had the same problem before and it was solved after running the "Malwarebytes' Anti-Malware" and the "ESET Online Scanner". I ran both programs this time, no virus / threats have been found but the problem has not been solved. Can someone please assist?

Read me before posting a request for assistance

0

I've performed all the instructions posted above.
Please find attached, the requested scanlogs:

• MalwareBytes’ Anti-Malware log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4305

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/10/2010 11:16:08
mbam-log-2010-10-02 (11-16-08).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 253065
Time elapsed: 45 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

• GMER One.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-10-02 10:19:45
Windows 5.1.2600 Service Pack 3
Running: zjdgu1zd.exe; Driver: C:\DOCUME~1\ANTION~1.ACE\LOCALS~1\Temp\kwqdyfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

• GMER Two.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-02 10:28:16
Windows 5.1.2600 Service Pack 3
Running: zjdgu1zd.exe; Driver: C:\DOCUME~1\ANTION~1.ACE\LOCALS~1\Temp\kwqdyfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF28A5E26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF28A6704]
SSDT F723064E ZwCreateKey
SSDT F7230644 ZwCreateThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF28A6864]
SSDT F7230653 ZwDeleteKey
SSDT F723065D ZwDeleteValueKey
SSDT F7230662 ZwLoadKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF28A67C8]
SSDT F7230630 ZwOpenProcess
SSDT F7230635 ZwOpenThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF28A628E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF28AA190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF28AA0FA]
SSDT F723066C ZwReplaceKey
SSDT F7230667 ZwRestoreKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF28A5DCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF28A68C4]
SSDT F7230658 ZwSetValueKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF28A5D68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF28A5CBC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF28A5D04]

---- EOF - GMER 1.0.15 ----

• BOTH DDS ScanLogs (DDS.txt & Attach.txt)


DDS (Ver_10-03-17.01) - FAT32x86
Run by Antiono at 11:28:07.92 on 02/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.253 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\Antiono.ACER-AC84C68AD2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.15.4\bh\BabylonToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {0e1230f8-ea50-42a9-983c-d22abc2eed3b} - c:\windows\system32\ToolBand.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.15.4\BabylonToolbarTlbr.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [epm-dm] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\arcade\PCMService.exe"
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LaunchApp] Alaunch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BabylonToolbar] "c:\program files\babylontoolbar\babylontoolbar\1.4.15.4\BabylonToolbarsrv.exe" /md I
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://niraikanai.miemasu.net/SysCamInst.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://uema.ath.cx:81/cgi-bin/kxhcm10.ocx
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://img2.orkut.com/activex/10035/photouploader.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://220.157.155.55:8081/activex/AxisCamControl.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://www.praiabarra.com.br/h263ctrl.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.247.210.37/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://secure.imperial.nhs.uk/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} - hxxps://secure.imperial.nhs.uk/dana-na/auth/url_default/On-DemandAgent/SodaAgent.CAB
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\antion~1.ace\applic~1\mozilla\firefox\profiles\7tziwe5o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=10588
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}(3)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}(2)
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-4 11608]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-4 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-4 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-4 60936]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-20 54752]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-10-12 73368]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 PAC207;PC [email]Camer@;c:\windows\system32\drivers\PFC027.SYS[/email] [2009-11-3 618112]

=============== Created Last 30 ================

2010-10-01 11:02:45 217146 ----a-w- c:\windows\WindowsUpdate.zip
2010-09-28 15:13:19 0 d-----w- c:\windows\system32\wbem\Repository
2010-09-28 15:12:15 0 d-----w- c:\program files\BabylonToolbar
2010-09-19 19:15:19 0 d-----w- c:\docume~1\antion~1.ace\applic~1\BabylonToolbar
2010-09-19 18:37:45 0 d-----w- c:\program files\Babylon
2010-09-18 08:01:48 0 d-----w- c:\docume~1\antion~1.ace\applic~1\Uniblue

==================== Find3M ====================

2010-09-10 02:19:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-20 07:06:28 0 ----a-w- c:\docume~1\antion~1.ace\applic~1\wklnhst.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:36 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:16 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 09:48:36 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe

============= FINISH: 11:29:05.96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 26/02/2008 20:57:11
System Uptime: 10/02/2010 11:18:16 (5616 hours ago)

Motherboard: Acer, Inc. | | Crane II
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U1 | 1695/100mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 45 GiB total, 2.325 GiB free.
D: is FIXED (FAT32) - 45 GiB total, 45.338 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP574: 20/09/2010 11:53:58 - System Checkpoint
RP575: 22/09/2010 09:59:38 - System Checkpoint
RP576: 25/09/2010 18:40:02 - Installed Microsoft Fix it 50508
RP577: 25/09/2010 18:44:31 - Removed Windows Live Favorites for Windows Live Toolbar
RP578: 25/09/2010 20:14:30 - Windows XP
RP579: 27/09/2010 10:43:56 - System Checkpoint
RP580: 28/09/2010 16:09:51 - Restore Operation
RP581: 29/09/2010 10:57:36 - Software Distribution Service 3.0
RP582: 02/10/2010 09:05:00 - Removed Windows Live Messenger
RP583: 02/10/2010 09:40:17 - Installed Microsoft Fix it 50508

==== Installed Programs ======================

Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.21
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.3.4
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arcade 3.0
ArcSoft VideoImpression 2
Arquivo do WinRAR
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
AXIS Media Control Embedded
CCleaner
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
ESET Online Scanner v3
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2 for FinePix
Intel(R) PROSet/Wireless Software
iPod for Windows 2005-02-07
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Juniper Networks Cache Cleaner 5.3.0
Junk Mail filter update
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
mCore
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MicroStaff WINASPI
mMHouse
Mozilla Firefox (3.6.6)
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MVision
mWlsSafe
mXML
MyBabylon toolbar
NTI Backup NOW! 4
NTI CD & DVD-Maker
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PC Camer@
Picasa 3
PowerProducer
QuickTime
Rapport
RAW FILE CONVERTER LE
RealPlayer
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sky Broadband
Skype Toolbars
Skype™ 4.2
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Uniblue RegistryBooster
Uniblue System Tweaker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vodafone Mobile Connect Lite Huawei
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

28/09/2010 15:09:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
28/09/2010 15:09:05, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
27/09/2010 09:47:34, error: Dhcp [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 0013CEA52953 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
25/09/2010 19:53:06, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0013CEA52953 has been denied by the DHCP server 10.243.121.97 (The DHCP Server sent a DHCPNACK message).
25/09/2010 18:44:38, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
25/09/2010 17:31:11, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The process cannot access the file because it is being used by another process.
25/09/2010 17:30:31, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0013CEA52953 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

I have also attached a screen print of the GMER (Word doc attached). I would appreciate if you can let me know if the selections I've made in the GMER GUI are correct.

I look forward to receiving your reply.

Kind regards,
Antonio

Attachments
0

I do not have software to read the .doc file. You need to save it in paint.

You never updated Malwarebytes so you need to do that and re-scan please.

====

Please download JavaRa

If you get this message:
Problems with the download? Please use this direct link or try another mirror.

Select the Direct link download unzip it to your Desktop.

Double click JavaRa.exe then click Remove Older Versions.

Follow any prompts; a log will popup (JavaRa.log)-- please post the contents of this log.

Next, open JavaRa.exe again, and select Search For Updates.

Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 21 (JDK or JRE). On the right select this one Download JRE..

In Vista and Windows 7 run the tool as Administrator.

====

None of the logs really show anything that could be causing the issue you are experiencing.
Once you have done the above, we can look further.

0

Hi there,

I've saved a copy of the Word doc in paint, as requested (copy attached). Please let me know if you can open it now.

I've also updated Malwarebytes. It was showing 2 infected files this time. Copy of log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/10/2010 16:10:44
mbam-log-2010-10-02 (16-10-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 266774
Time elapsed: 49 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\anspyware.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\wipesup.bat (Malware.Trace) -> Quarantined and deleted successfully.


I was a little bit confused on what to select for "Plataform and Language" when trying to download JavaRa, so I did not proceed with the installation. Would you mind telling me what options I should select for both items?

Kind regards,
Antonio

0

I am sorry, I've forgotten to post the JavaRa.log with the previous message. Here it is:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Oct 02 16:41:49 2010

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre6(2)

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_15

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_15

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_15

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_15

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_15

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_14

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_15

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

------------------------------------

Finished reporting.

regards,
Antonio

0

Platform is Windows and language is whatever your system is set up for :).

====

Scan with GMER exactly as you have it shown.

0

Hi Crunchie,

I've now received the notification that JAVA has been installed successfully.

Results from GMER scan:

• GMER One.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-10-03 16:56:49
Windows 5.1.2600 Service Pack 3
Running: zjdgu1zd.exe; Driver: C:\DOCUME~1\ANTION~1.ACE\LOCALS~1\Temp\kwqdyfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


• GMER Two.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-03 16:57:10
Windows 5.1.2600 Service Pack 3
Running: zjdgu1zd.exe; Driver: C:\DOCUME~1\ANTION~1.ACE\LOCALS~1\Temp\kwqdyfog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xF2927E26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF2928704]
SSDT F72B42EE ZwCreateKey
SSDT F72B42E4 ZwCreateThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF2928864]
SSDT F72B42F3 ZwDeleteKey
SSDT F72B42FD ZwDeleteValueKey
SSDT F72B4302 ZwLoadKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF29287C8]
SSDT F72B42D0 ZwOpenProcess
SSDT F72B42D5 ZwOpenThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xF292828E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF292C190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF292C0FA]
SSDT F72B430C ZwReplaceKey
SSDT F72B4307 ZwRestoreKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xF2927DCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF29288C4]
SSDT F72B42F8 ZwSetValueKey
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xF2927D68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xF2927CBC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xF2927D04]

---- EOF - GMER 1.0.15 ----


I look forward to hearing from you.

Thank you so much for your support with this!

kind regards,
Antonio

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Hi Crunchie,

I have downloaded ComboFix before and the link is still in my desktop. Can I use the existing link to run it or do I need to download it again?

regards,
Antonio

0

Hi Crunchie,

I ran Combo.fix (please find below a copy of the log). Just one thing, the laptop was swtiched off automatically; when I loggged in, the Combo.fix window was showing in the screen informing that the system was preparing a log and I should not run any other programs until it has finished. However, messenger and "registry booster" started running and I manually stopped them. The Avira anti-virus guard, deactivated before I started, was also automatically activated and I did not touch it. Does it affect anything?

ComboFix 10-10-04.01 - Antiono 05/10/2010 7:43.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.491 [GMT 1:00]
Running from: c:\documents and settings\Antiono.ACER-AC84C68AD2\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-03 15:35 . 2010-10-03 15:35 503808 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b964e71-n\msvcp71.dll
2010-10-03 15:35 . 2010-10-03 15:35 499712 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b964e71-n\jmc.dll
2010-10-03 15:35 . 2010-10-03 15:35 348160 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b964e71-n\msvcr71.dll
2010-10-03 15:35 . 2010-10-03 15:35 61440 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-28769acf-n\decora-sse.dll
2010-10-03 15:35 . 2010-10-03 15:35 12800 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-28769acf-n\decora-d3d.dll
2010-10-03 15:34 . 2010-10-03 15:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-01 11:02 . 2010-10-01 11:02 217146 ----a-w- c:\windows\WindowsUpdate.zip
2010-09-28 15:24 . 2010-09-28 15:24 -------- d-----w- c:\documents and settings\Paul\Application Data\BabylonToolbar
2010-09-28 15:13 . 2010-09-28 15:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-28 15:12 . 2010-09-28 15:12 -------- d-----w- c:\program files\BabylonToolbar
2010-09-19 22:42 . 2010-09-19 22:42 353512 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-19 22:42 . 2010-09-19 22:42 12544 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-19 19:15 . 2010-09-19 19:15 -------- d-----w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\BabylonToolbar
2010-09-19 18:37 . 2010-09-19 18:37 -------- d-----w- c:\program files\Babylon
2010-09-18 08:01 . 2010-09-18 08:01 -------- d-----w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 06:53 . 2008-03-30 18:29 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-13 18:49 . 2010-08-17 08:36 452104 ----a-w- c:\documents and settings\Paul\Application Data\Real\Update\setup3.12\setup.exe
2010-09-12 18:40 . 2010-07-26 06:51 452104 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Real\Update\setup3.12\setup.exe
2010-08-20 07:06 . 2010-08-20 07:06 0 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\wklnhst.dat
2010-08-17 13:17 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 08:51 . 2010-08-17 08:51 -------- d-----w- c:\documents and settings\Paul\Application Data\System Tweaker
2010-08-09 11:03 . 2010-08-09 11:03 323584 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Mozilla\Firefox\Profiles\7tziwe5o.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
2010-07-22 15:49 . 2004-08-04 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 17:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 08:05 . 2010-07-21 08:05 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 08:05 . 2010-07-21 08:05 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 08:05 . 2010-07-21 08:05 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 08:05 . 2010-07-21 08:05 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 08:05 . 2010-07-21 08:05 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 19:15 . 2010-06-29 13:57 0 ----a-w- c:\documents and settings\Antiono.ACER-AC84C68AD2\Local Settings\Application Data\prvlcl.dat
2010-07-10 14:06 . 2010-07-10 14:06 10134 ----a-r- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-10 14:05 . 2010-07-10 14:05 10134 ----a-r- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-10 14:05 . 2010-07-10 14:05 10134 ----a-r- c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-07 09:48 . 2010-07-07 09:48 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
2010-08-09 11:03 221184 ----a-w- c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.4\bh\BabylonToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"= "c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarTlbr.dll" [2010-08-09 176128]

[HKEY_CLASSES_ROOT\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}]
[HKEY_CLASSES_ROOT\Babylon.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Babylon.dskBnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67456]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-07-15 196608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-11 185896]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-07-15 2985472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.4\BabylonToolbarsrv.exe" [2010-08-09 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Paul\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-7-10 67128]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2008-7-13 241664]

[HKLM\~\startupfolder\C:^Documents and Settings^Antiono.ACER-AC84C68AD2^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\Antiono.ACER-AC84C68AD2\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Antiono.ACER-AC84C68AD2^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Antiono.ACER-AC84C68AD2\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Neoteris\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Documents and Settings\\Paul\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Java\\JRE6\\BIN\\JAVA.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/08/2010 09:56 135336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13/03/2008 19:08 24576]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [12/10/2009 16:31 73368]
S3 PAC207;PC [email]Camer@;c:\windows\system32\drivers\PFC027.SYS[/email] [03/11/2009 18:15 618112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-17 10:11]

2010-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-10-05 c:\windows\Tasks\User_Feed_Synchronization-{1D720A91-1E20-4D68-8C34-2E988EBC7A58}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-10-05 c:\windows\Tasks\User_Feed_Synchronization-{4AF2E9F1-BFBE-45D0-8439-3C252FEC0E43}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://niraikanai.miemasu.net/SysCamInst.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://uema.ath.cx:81/cgi-bin/kxhcm10.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://88.247.210.37/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Antiono.ACER-AC84C68AD2\Application Data\Mozilla\Firefox\Profiles\7tziwe5o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=10588
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=10588&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-14004083-294078908-1336101872-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6776)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-10-05 08:01:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-05 07:01

Pre-Run: 1,968,013,312 bytes free
Post-Run: 2,100,953,088 bytes free

- - End Of File - - DAD4D423EDE9BC7B0298BEB6C16639FF

0

Hi Crunchie,

I am not sure if you need this, but I ran a search in the laptop for "ComboFix", because I remember having two logs when I used it before, and found the second following log:

ComboFix-quarantne-files.txt

2010-10-05 06:49:42 . 2010-10-05 06:49:44 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MYWEBSEARCHSERVICE.reg.dat
2010-07-12 16:07:42 . 2010-07-12 16:07:44 128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ToolCar.reg.dat
2010-07-12 16:07:39 . 2010-07-12 16:07:40 142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-LogitechSetup.reg.dat
2010-07-12 16:07:38 . 2010-07-12 16:07:40 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2010-07-12 16:07:37 . 2010-10-05 07:00:14 213 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2010-07-12 15:57:06 . 2010-07-12 15:57:08 984 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2010-07-12 15:56:57 . 2010-10-05 06:49:32 8,879 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-12 15:44:31 . 2010-10-05 06:39:38 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-03 17:15:42 . 2009-11-03 17:15:44 922 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\PC Camer@ \Uninstall.lnk.vir
2009-11-03 17:15:39 . 2009-11-03 17:15:40 519 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\PC Camer@ \Amcap.lnk.vir
2009-06-21 18:58:32 . 2009-06-21 19:09:24 86 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Paul\System\win_qs8.jqx.vir
2008-09-13 09:33:22 . 2008-09-13 09:33:22 430,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\BSTIEPrintCtl1.dll.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 53,299 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 208,896 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\daemon_mgm.exe.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\npf_mgm.exe.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinPCap\rpcapd.exe.vir
2008-02-26 20:07:40 . 2005-06-16 18:06:38 30,336 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2007-04-24 12:11:14 . 2007-04-24 12:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf.vir
2005-12-15 16:24:34 . 2005-12-15 16:24:34 458 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\install.inf.vir
2005-03-30 11:59:28 . 2005-03-30 11:59:28 313 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\uninstall.ini.vir


regards,
Antonio

0

Generally the AV should be closed down, but I have seen combofix run fine either way.
Just get you to check a file;

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

c:\windows\system32\sysenv.dll

====

How are things since the combofix run?

0

Hi Crunchie,

Jotti's malware scan
Filename: sysenv.dll
Status: Scan finished. 0 out of 18 scanners reported malware.
Scan taken on: Tue 5 Oct 2010 12:21:14 (CET) Permalink

Additional info
File size: 53248 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: b55ab84e3fe8f7f23e860fb4e4628960
SHA1: 8cd588adaffed87a80f67dca1027c83494c107ba

Scanners
2010-10-05 Found nothing 2010-10-05 Found nothing
2010-10-04 Found nothing 2010-10-05 Found nothing
2010-10-05 Found nothing 2010-10-05 Found nothing
2010-10-05 Found nothing 2010-10-05 Found nothing
2010-10-05 Found nothing 2010-10-04 Found nothing
2010-10-05 Found nothing 2010-10-05 Found nothing
2010-10-05 Found nothing 2010-10-05 Found nothing
2010-10-05 Found nothing 2010-10-04 Found nothing
2010-10-04 Found nothing 2010-10-04 Found nothing


The laptop seems to be much quicker since the combofix run.

I have not tried to log in onto messenger yet. I am waiting for your "ok" to do so.

Thank you so much!!!

regards,
Antonio

0

Hi Crunchie,

It is still the same: once I log in, it stays on the screen for a few seconds and then it disappears. Shall I try to uninstall / reinstall it ?

Antonio

0

Hi Crunchie,

I uninstalled / installed messenger from my laptop, but it did not solve the problem.

I then performed the "clean Installation of Windows Live Messenger - Windows XP", according to the instructions in the link http://messenger-support.spaces.live...3F!15940.entry and installed a fresh copy of the program.

When I restarted the laptop, I managed to sign in; received some messages that have been sent from two of my contacts offline; responded to these messages. I logged out and when I tried to log in again the problem started as before: after a few seconds it just disappears from the screen.

Question: when I performed the "clean installation", in item 3 they ask to delete IdentityCRL folders (twice), Windows Live Contacts folder and Contacts folder; which I did. However, when I restarted the computer, at the end, I ran the instructions again to check what happened and all these folders (identityCRL, windows live contacts, contacts) were still there. Shouldn't they have disappeared upon deletion?

I am not sure if I have mentioned it before, but I can still use the old version of MSN messenger without calls and / or video conference calls. So, I am confused if the problem is with the laptop or with the new version of MSN messenger recently.

Any other suggestions on how to fix this issue?

regards,
Antonio

0

I would try removing every indicator of messenger from the pc, including the registry, then try installing it again.

Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.

  • Type live messenger in the dialog box.
  • Let it run and after a few minutes, a prompt will appear.
  • Click OK to write the results to Notepad and post them here.
0

Hi Crunchie,

I ran the application above for "Windows live messenger". Results:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Windows live messenger" 08/10/2010 11:56:16

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2FFAE75BEE6DC6C41957DEF971FB1CCB]
"ProductName"="Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{0776F107-F5A6-404B-9A78-7027FA6EAADD}]
"FriendlyName"="Windows Live Messenger Music Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{0776F107-F5A6-404B-9A78-7027FA6EAADD}]
"Description"="Changes your personal message in Windows Live Messenger to show the currently playing song."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FFAE75BEE6DC6C41957DEF971FB1CCB\InstallProperties]
"DisplayName"="Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}]
"DisplayName"="Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_USERS\S-1-5-21-14004083-294078908-1336101872-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="Windows Live Messenger"


Please let me know if this is what you were looking for or if I need to uninstall messenger again and then run the application.

kind regards,
Antonio

0

Uninstall messenger and then post back after you have rebooted. I will have something ready for you then.

0

Ahhh, you should have stuck around and checked that I was on. I am off to bed now, so you will have to wait a while :).

0

Hi Crunchie,

I performed the "clean Installation of Windows Live Messenger - Windows XP" again, restarted the computer and then ran the tool above. This is the result:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "windows live messenger" 09/10/2010 09:01:31

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


I look forward to hearing from you.

regards,
Antonio

0

Ok, we need to clarify something here.

I asked that you uninstall messenger and you replied that you have done a clean installation of messenger.

I need it uninstalled.

0

Hi Crunchie,

I uninstalled the Windows Live Messenger.

Now, I also have the Windows Messenger, which is still working (I believe this is the oldest version that came with the laptop, without calls/ video conference facility, just txt chatting). This one is not listed in add / remove programs. Do I need to uninstall this one as well? if so, how ?

regards,
Antonio

0

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.

===========

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see if it works ok now.

Attachments
0

Hi Crunchie,

It seems that there is something wrong with the "fixme.zip" file. When I click on it, a notepad with the following information appears on the screen:

PK ??K=}>? < fixme.regÕ?=
Â0??Bÿƒ?+*N?C?ñ[-ÆE<?PO=?I??õã??ÍÙM?ƒ{?žw#fb?Øã(Žöó?Ø?ušdÇ<Iç?? ??[?Cj?g?%ú^???È?b<%e?ŠÕ
=?ƒ)1Þ?Ö?ÕT>aboŠLÁöL!?ýÕ2???ªÂ_y?ÆAFÎâ??Ž ?ôÂZÓ?w ?\µòP?æ???Á2?wñ?íqç
ôÁŸ??ÌhügÁoá?PK ??K=}>? < fixme.regPK 7 æ

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.