• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Emmo213

Random popups connecting to unknown IP address

4 posts in this topic

Recently I came across some kind of malware and from Google turned up a bunch of different responces. I've ran all SpyBot, Ad-Ware, and Norton in safemode but they didn't fix it. It's attempting to connect to

http://89.188.16.10/trafc-2/rfe.php?cmp=wa...;lid=ad+ware%3E

I'm thinking it's the meaddmta.dll from the dll name keeps changing upon reboot. Any help is appreciated.

 

Here's my HijackThis! log:

Logfile of HijackThis v1.99.1

Scan saved at 11:00:11 PM, on 6/5/2007

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

D:\Program Files\Motherboard Monitor 5\MBM5.EXE

D:\Program Files\Logitech\iTouch\iTouch.exe

D:\Program Files\iTunes\iTunesHelper.exe

D:\PPC\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

d:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

D:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\hijackthis\HijackThis.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mdscnet.com/insidemay/Welcome/Welcome.do

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [MBM 5] "D:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [zBrowser Launcher] d:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "D:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\System32\meaddmta.dll",realset

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PPC\Microsoft ActiveSync\wcescomm.exe"

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.drivecleaner.com

O15 - Trusted Zone: *.errorprotector.com

O15 - Trusted Zone: *.errorsafe.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.systemdoctor.com

O15 - Trusted Zone: *.winantispyware.com

O15 - Trusted Zone: *.winantivirus.com

O15 - Trusted Zone: *.winfixer.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.drivecleaner.com (HKLM)

O15 - Trusted Zone: *.errorprotector.com (HKLM)

O15 - Trusted Zone: *.errorsafe.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.systemdoctor.com (HKLM)

O15 - Trusted Zone: *.winantispyware.com (HKLM)

O15 - Trusted Zone: *.winantivirus.com (HKLM)

O15 - Trusted Zone: *.winfixer.com (HKLM)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - d:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hello,

 

* Download Combofix to your desktop.

Doubleclick combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new hijackthislog.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0