berad

Really Frustrating! Please Help. Webcry is annoying!

18 posts in this topic

Hey. I've been trying to fix this problem for a while, but I'm not too sure how I was meant to go about it.

Pretty much the only problem I have been facing is that when I google or search via an internet search engine (Yahoo, Google, etc.) I constantly get redirected to some Webcry site or some http://66.22.55.... that eventually re-redirects me to Webcry. From what I have seen, I have to post my log files or something from HijackThis?

Can someone please walk me through exactly what I should do, or point me in the right direction!

It is such a frustrating thing!

Thank you

 

*EDIT*

This is my startup log file.

Not sure if it's needed, but it's here.

 

 

StartupList report, 20/06/2007, 12:43:08 AM

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Brad\Local Settings\Temporary Internet Files\Content.IE5\4NWHVWSY\HiJackThis_v2[1].EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16473)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\WallpaperToy\Wallpapertoy.Exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brad\Local Settings\Temporary Internet Files\Content.IE5\4NWHVWSY\HiJackThis_v2[1].exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Brad\Start Menu\Programs\Startup]

Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Digital Line Detect.lnk = ?

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Apoint = C:\Program Files\Apoint\Apoint.exe

SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

IntelWireless = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe

MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe

MCUpdateExe = c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

MPSExe = c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033

dla = C:\WINDOWS\system32\dla\tfswctrl.exe

MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

svshost.exe = C:\WINDOWS\system32\svshost.exe

dvd43 = C:\Program Files\dvd43\dvd43_tray.exe

(Default) =

Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

MSKAGENTEXE = c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

svshost.exe = C:\WINDOWS\system32\svshost.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\SCRNSAVE.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\WINDOWS\system32\nnhmdbg.dll (file missing) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF}

(no name) - C:\WINDOWS\system32\xmmoukm.dll - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0}

(no name) - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}

(no name) - C:\WINDOWS\system32\ddccd.dll (file missing) - {3517918D-17DA-45B4-8C71-9EA9CF061C7F}

McAfee PopupKiller - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL - {3EC8255F-E043-4cae-8B3B-B191550C2A22}

(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}

(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

ANZ McAfee.com Scan for Viruses - My Computer (MOBY01-Dad).job

AppleSoftwareUpdate.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll

CODEBASE = http://download.microsoft.com/download/3/9...heckControl.cab

 

[CR64Loader Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll

CODEBASE = http://www.miniclip.com/supergerball/miniclipGameLoader.dll

 

[Minesweeper Flags Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll

CODEBASE = http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

 

[{41564D57-9980-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/0/A...01F/wmvadvd.cab

 

[McAfee.com Operating System Class]

InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll

CODEBASE = http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

 

[MSN Photo Upload Tool]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll

CODEBASE = http://berad21.spaces.msn.com//PhotoUpload/MsnPUpld.cab

 

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdat...b?1149514740546

 

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll

CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

 

[a-squared Scanner]

InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx

CODEBASE = http://ax.emsisoft.com/asquared.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

 

[McFreeScan Class]

InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll

CODEBASE = http://download.mcafee.com/molbin/iss-loc/...925/mcfscan.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

{3C73A37A-063B-1033-0112-05041207003d} = "C:\Program Files\Common Files\{3C73A37A-063B-1033-0112-05041207003d}\Update.exe" mc-110-12-0000272

 

--------------------------------------------------

 

End of report, 11,031 bytes

Report generated in 5.016 seconds

Edited by berad


The scan log file:

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:45:22 AM, on 20/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\WallpaperToy\Wallpapertoy.Exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Brad\Local Settings\Temporary Internet Files\Content.IE5\4NWHVWSY\HiJackThis_v2[1].exe

C:\WINDOWS\system32\notepad.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.acpe.edu.au/exchange/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF} - C:\WINDOWS\system32\nnhmdbg.dll (file missing)

O2 - BHO: (no name) - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0} - C:\WINDOWS\system32\xmmoukm.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {3517918D-17DA-45B4-8C71-9EA9CF061C7F} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Policies\Explorer\Run: [{3C73A37A-063B-1033-0112-05041207003d}] "C:\Program Files\Common Files\{3C73A37A-063B-1033-0112-05041207003d}\Update.exe" mc-110-12-0000272

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://berad21.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149514740546

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...925/mcfscan.cab

O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)

O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 12500 bytes

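The HijackThis log above contains the three indicator patterns a helper looks for first: BHOs with "(no name)" that load a DLL straight out of system32 (O2 entries for nnhmdbg.dll and xmmoukm.dll), autostart registrations whose target file is already gone ("(file missing)" on O2 and O20 lines), and a Run entry for svshost.exe, one character away from the legitimate svchost.exe. The script below is an added example, not part of the thread and not HijackThis code; it parses lines in the shape shown above and reports those patterns. The function names (`triage`, `edit_distance`, `basename`) and the list of imitated Windows binaries are assumptions of the example, and the sample log is constructed from the entries quoted in the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the thread and not HijackThis code).  Flags three patterns seen in the log:
nameless BHOs loading DLLs from system32, entries whose target file no longer
exists, and Run entries named one character away from a core Windows binary."""
import re
from typing import Dict, List, Tuple

# Core Windows binaries whose names malware commonly imitates (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "services.exe", "smss.exe"}

# Constructed sample: lines in the shape of the O2/O4/O20 entries quoted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF} - C:\WINDOWS\system32\nnhmdbg.dll (file missing)
O2 - BHO: (no name) - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0} - C:\WINDOWS\system32\xmmoukm.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# First executable-looking token of a command line, quoted or not, before any arguments.
EXE_RE = re.compile(r'^"?(?P<full>[^"]+?\.(?:exe|dll|ocx|scr|com))"?', re.I)
MISSING = " (file missing)"


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_missing(path: str) -> Tuple[str, bool]:
    """Strip HijackThis's '(file missing)' marker and report whether it was there."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)], True
    return path, False


def basename(path: str) -> str:
    """File name of the executable in a command line (ignores quotes and arguments)."""
    m = EXE_RE.match(path)
    target = m.group("full") if m else path
    return target.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious pattern; a line can produce several."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line) or O20_RE.match(line) or O4_RE.match(line)
        if not m:
            continue
        fields = m.groupdict()
        path, missing = split_missing(fields["path"])
        exe = basename(path).lower()
        if line.startswith("O2") and fields["name"] == "(no name)" and "\\system32\\" in path.lower():
            findings.append({"line": line, "reason": "nameless BHO loading a DLL straight from system32"})
        if missing:
            findings.append({"line": line, "reason": "registration points at a file that no longer exists (orphaned entry)"})
        if line.startswith("O4"):
            for legit in sorted(SYSTEM_BINARIES):
                if exe != legit and edit_distance(exe, legit) == 1:
                    findings.append({"line": line, "reason": f"Run entry '{exe}' is one character away from '{legit}'"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['line']}")
```

The output is a list of leads, not verdicts: the Adobe BHO, Apoint and ctfmon.exe entries pass untouched, while the "(file missing)" hits are exactly the orphaned registrations that the removal tools recommended later in the thread clean up, and the svshost.exe lookalike is the entry that would be checked against the running-process list.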

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hi,

 

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Next:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

jedi


Hey, thanks for the help! I really appreciate it!

Here is the VundoFix text:

 

 

VundoFix V6.5.1

 

Checking Java version...

 

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Scan started at 11:45:36 PM 19/06/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak2

C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini2

C:\WINDOWS\system32\dccdd.tmp

C:\WINDOWS\system32\ddccd.dll

C:\windows\system32\ibrijhlt.exe

C:\windows\system32\myaxjmgp.exe

C:\windows\system32\nnhmdbg.dll

C:\WINDOWS\system32\tbfmpesm.dll

C:\WINDOWS\system32\vwntxdaw.dll

C:\windows\system32\wadxtnwv.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\dccdd.bak1

C:\WINDOWS\system32\dccdd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.bak2

C:\WINDOWS\system32\dccdd.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.ini

C:\WINDOWS\system32\dccdd.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.ini2

C:\WINDOWS\system32\dccdd.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dccdd.tmp

C:\WINDOWS\system32\dccdd.tmp Has been deleted!

 

Attempting to delete C:\windows\system32\ibrijhlt.exe

C:\windows\system32\ibrijhlt.exe Has been deleted!

 

Attempting to delete C:\windows\system32\myaxjmgp.exe

C:\windows\system32\myaxjmgp.exe Has been deleted!

 

Attempting to delete C:\windows\system32\nnhmdbg.dll

C:\windows\system32\nnhmdbg.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vwntxdaw.dll

C:\WINDOWS\system32\vwntxdaw.dll Has been deleted!

 

Attempting to delete C:\windows\system32\wadxtnwv.ini

C:\windows\system32\wadxtnwv.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.4

 

Checking Java version...

 

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.4

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.5

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.6

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Scan started at 10:00:32 PM 1/07/2007

 

Listing files found while scanning....

 

C:\windows\system32\ddccbaa.dll

C:\WINDOWS\system32\ddccd.dll

C:\windows\system32\dhxxcajm.ini

C:\WINDOWS\system32\gebyy.dll

C:\WINDOWS\system32\jbxcrxnj.ini

C:\WINDOWS\system32\jnxrcxbj.dll

C:\windows\system32\mjacxxhd.dll

C:\WINDOWS\system32\wryjdgvm.dll

C:\windows\system32\yybeg.bak1

C:\windows\system32\yybeg.bak2

C:\windows\system32\yybeg.ini

 

Beginning removal...

 

Attempting to delete C:\windows\system32\ddccbaa.dll

C:\windows\system32\ddccbaa.dll Has been deleted!

 

Attempting to delete C:\windows\system32\dhxxcajm.ini

C:\windows\system32\dhxxcajm.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\gebyy.dll

C:\WINDOWS\system32\gebyy.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jbxcrxnj.ini

C:\WINDOWS\system32\jbxcrxnj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\jnxrcxbj.dll

C:\WINDOWS\system32\jnxrcxbj.dll Has been deleted!

 

Attempting to delete C:\windows\system32\mjacxxhd.dll

C:\windows\system32\mjacxxhd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\wryjdgvm.dll

C:\WINDOWS\system32\wryjdgvm.dll Has been deleted!

 

Attempting to delete C:\windows\system32\yybeg.bak1

C:\windows\system32\yybeg.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\yybeg.bak2

C:\windows\system32\yybeg.bak2 Has been deleted!

 

Attempting to delete C:\windows\system32\yybeg.ini

C:\windows\system32\yybeg.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

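The two VundoFix file lists above come in clusters: each DLL sits next to .ini/.bak1/.bak2 files whose base name is the DLL's name spelled backwards (ddccd.dll with dccdd.ini and dccdd.bak*, gebyy.dll with yybeg.*, mjacxxhd.dll with dhxxcajm.ini, jnxrcxbj.dll with jbxcrxnj.ini, vwntxdaw.dll with wadxtnwv.ini). That relationship is a cheap way to tie the leftover data files to the DLL that owned them when reviewing a file listing. The script below is an added example, not part of the thread and not VundoFix code; it groups a list of paths by that mirrored-name rule. The function name `mirrored_groups` is the example's own, and the sample list is constructed from the second VundoFix run above plus two ordinary system32 files to show they are left alone.

```python
"""Group system32 file names by the mirrored-name rule visible in the VundoFix
listing above: a data file belongs to a DLL if its base name is the DLL's base
name reversed.  Added example, not part of the thread and not VundoFix code."""
from typing import Dict, List, Tuple

# Constructed sample: names from the second VundoFix run above plus two benign files.
SAMPLE_FILES = [
    r"C:\windows\system32\ddccbaa.dll",
    r"C:\WINDOWS\system32\ddccd.dll",
    r"C:\windows\system32\dhxxcajm.ini",
    r"C:\WINDOWS\system32\gebyy.dll",
    r"C:\WINDOWS\system32\jbxcrxnj.ini",
    r"C:\WINDOWS\system32\jnxrcxbj.dll",
    r"C:\windows\system32\mjacxxhd.dll",
    r"C:\WINDOWS\system32\wryjdgvm.dll",
    r"C:\windows\system32\yybeg.bak1",
    r"C:\windows\system32\yybeg.bak2",
    r"C:\windows\system32\yybeg.ini",
    r"C:\WINDOWS\system32\kernel32.dll",   # benign control, no mirrored partner
    r"C:\WINDOWS\system32\ctfmon.exe",     # benign control, not a DLL
]


def stem_ext(path: str) -> Tuple[str, str]:
    """Lower-cased (stem, extension) of a Windows path's file name."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.rpartition(".")
    return stem, ext


def mirrored_groups(paths: List[str]) -> Dict[str, List[str]]:
    """Map each DLL file name to the non-DLL files whose stem is its stem reversed."""
    dlls: Dict[str, str] = {}
    for path in paths:
        stem, ext = stem_ext(path)
        if ext == "dll":
            dlls[stem] = stem + ".dll"
    groups: Dict[str, List[str]] = {}
    for path in paths:
        stem, ext = stem_ext(path)
        if ext == "dll":
            continue
        owner = dlls.get(stem[::-1])
        if owner is not None:
            groups.setdefault(owner, []).append(path)
    return groups


def unpaired_dlls(paths: List[str]) -> List[str]:
    """DLLs in the listing that have no mirrored data file (still worth a look)."""
    paired = mirrored_groups(paths)
    return sorted(stem + ".dll" for stem, ext in map(stem_ext, paths)
                  if ext == "dll" and stem + ".dll" not in paired)


if __name__ == "__main__":
    for dll, files in sorted(mirrored_groups(SAMPLE_FILES).items()):
        print(dll, "->", ", ".join(files))
    print("no partner:", ", ".join(unpaired_dlls(SAMPLE_FILES)))
```

A DLL with no mirrored partner (ddccbaa.dll, wryjdgvm.dll, and the benign kernel32.dll here) is not cleared by this rule; it just means the grouping gives no extra evidence for that file, so it is judged on its own.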

Hi again,

 

Can I see the ComboFix report too please?

 

jedi


Yeah, sure.. I just ran ComboFix.

Here it is:

 

2001-03-08 19:30	  24064	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\msxml3a.dll.vir
2006-12-03 22:39	  40973	--a------	C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljjiggd.dll.vir
2006-12-03 22:40	  32179	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-07-01 10:29	  276	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_FAD.reg.cf


Folder PATH listing
Volume serial number is 3C73-A37A
C:\QOOBOX
\---Quarantine
+---C
|   +---Program Files
|   |   \---Common Files
|   |		   Yazzle1162OinUninstaller.exe.vir
|   |		   
|   \---WINDOWS
|	   \---SYSTEM32
|			   ljjiggd.dll.vir
|			   msxml3a.dll.vir
|			   
\---Registry_backups
		LEGACY_FAD.reg.cf

Edited by berad


Hi again,

 

Can I see the ComboFix report too please?

 

jedi

 

Is this the one you needed? I didn't think the other one above was right?!

 

 

 

ComboFix 07-06-18.2 - C:\Documents and Settings\Brad\Desktop\ComboFix.exe

"Brad" - 2007-07-01 10:22:07 - Service Pack 2 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\ljjiggd.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program Files\Common Files\{3C73A~1

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe

C:\WINDOWS\system32\components

C:\WINDOWS\system32\msxml3a.dll

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_FAD

 

 

((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))

 

 

2007-07-01 22:12 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-07-01 22:06 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

2007-06-30 14:18 4,672 --a------ C:\WINDOWS\SYSTEM32\auuhiyjq.exe

2007-06-29 18:46 87,608 --a------ C:\DOCUME~1\Brad\APPLIC~1\inst.exe

2007-06-29 18:46 47,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pcouffin.sys

2007-06-29 18:46 47,360 --a------ C:\DOCUME~1\Brad\APPLIC~1\pcouffin.sys

2007-06-29 18:46 217,127 --a------ C:\WINDOWS\SYSTEM32\drv43260.dll

2007-06-29 18:46 208,935 --a------ C:\WINDOWS\SYSTEM32\drv33260.dll

2007-06-29 18:46 176,165 --a------ C:\WINDOWS\SYSTEM32\drv23260.dll

2007-06-29 18:46 <DIR> d-------- C:\Program Files\VSO

2007-06-29 18:46 <DIR> d-------- C:\DOCUME~1\Brad\APPLIC~1\Vso

2007-06-27 21:46 <DIR> d-------- C:\Program Files\IOSTWPA

2007-06-19 23:45 <DIR> d-------- C:\VundoFix Backups

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-22 13:05:18 -------- d-----w C:\DOCUME~1\Brad\APPLIC~1\MyPhoneExplorer

2007-06-19 10:37:53 -------- d-----w C:\Program Files\Google

2007-05-31 13:10:15 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-31 13:03:59 -------- d-----w C:\Program Files\THQ

2007-05-30 21:41:56 -------- d-----w C:\DOCUME~1\Brad\APPLIC~1\Azureus

2007-05-18 02:50:33 -------- d-----w C:\Program Files\mTC

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

2005-07-31 01:45:53 56 --sh--r C:\WINDOWS\SYSTEM32\F7329A1578.sys

2005-12-24 05:30:28 4,496 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]

{0B29CFF0-5F24-92DD-68B8-07EF78E126FF}=C:\WINDOWS\system32\nnhmdbg.dll []

{1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0}=C:\WINDOWS\system32\xmmoukm.dll [2006-12-03 22:40]

{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll [2005-07-26 14:53]

{3517918D-17DA-45B4-8C71-9EA9CF061C7F}=C:\WINDOWS\system32\ddccd.dll []

{3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL [2005-07-26 14:50]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 04:33]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{A6807262-1D7A-44AB-947B-23B71E97915C}=C:\WINDOWS\system32\ddccbaa.dll []

{C106C900-48E7-4F5B-97A4-6D184DAD818E}=C:\WINDOWS\system32\gebyy.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 13:33]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 13:43]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" []

"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]

"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-08 21:06]

"MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2005-07-26 14:49]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 11:16]

"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]

"@"="" []

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]

"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 14:24]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSKAGENTEXE"="c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" []

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03]

"svshost.exe"="C:\WINDOWS\system32\svshost.exe" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"RunNarrator"=Narrator.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{A6807262-1D7A-44AB-947B-23B71E97915C}"="C:\WINDOWS\system32\ddccbaa.dll" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccd]

C:\WINDOWS\system32\ddccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]

winrkp32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]

wintfj32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuqw32]

winuqw32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk

backup=C:\WINDOWS\pss\AOL 7.0 Tray Icon.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ssdiag]

C:\WINDOWS\ssdiag.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Usnsvc usnsvc

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8a70f86-f1b1-11d9-a4e6-0011436b1182}]

AutoRun\command- E:\setupSNK.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-29 08:30:00 C:\WINDOWS\tasks\ANZ McAfee.com Scan for Viruses - My Computer (MOBY01-Dad).job

2007-07-01 11:48:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-01 10:34:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-01 10:38:26 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-01 10:37

 

--- E O F ---


Hi again,

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
  • Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

jedi


Cheers.

Okay, here is the report of SDFix:

SDFix: Version 1.89

 

Run by Brad on Tue 03/07/2007 at 12:51 AM

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\DOCUME~1\Brad\Desktop\SDFix\SDFix

 

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing SharedAccess Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\WINDOWS\system32\scarddlg.dat - Deleted

C:\WINDOWS\system32\SysPr.prx - Deleted

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking C:\WINDOWS

C:\WINDOWS

No streams found.

 

Checking C:\WINDOWS\system32

C:\WINDOWS\system32

No streams found.

 

Checking C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking C:\WINDOWS\system32\ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

Backups Folder: - C:\DOCUME~1\Brad\Desktop\SDFix\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

C:\Documents and Settings\Brad\NetHood\_content on www.sydneyafl.com.au\Desktop.ini

C:\Program Files\Common Files\aolshare\shell\au\shellext.dll

C:\Program Files\Replay Converter\cygz.dll

C:\Program Files\AOL 7.0\aolphx.exe

C:\Program Files\AOL 7.0\aoltray.exe

C:\Program Files\AOL 7.0\RBM.exe

C:\Program Files\AOL 7.0\waol.exe

C:\Program Files\AOL 7.0\COMIT\cswitch.exe

C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe

C:\Program Files\THQ\AFL Premiership 2005\Movie\play.exe

C:\WINDOWS\SYSTEM32\F7329A1578.sys

C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.tmp.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SAM.tmp.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.tmp.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.tmp.LOG

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.tmp.LOG

 

Finished


And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:17:21 AM, on 3/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Documents and Settings\Brad\My Documents\Program Folders\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.acpe.edu.au/exchange/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF} - C:\WINDOWS\system32\nnhmdbg.dll (file missing)

O2 - BHO: (no name) - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0} - C:\WINDOWS\system32\xmmoukm.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: (no name) - {3517918D-17DA-45B4-8C71-9EA9CF061C7F} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddccbaa.dll (file missing)

O2 - BHO: (no name) - {C106C900-48E7-4F5B-97A4-6D184DAD818E} - C:\WINDOWS\system32\gebyy.dll (file missing)

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://berad21.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149514740546

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...925/mcfscan.cab

O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)

O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 11939 bytes


Hi again,

 

Scan with HiJackThis and put a check in the box next to the following items:


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF} - C:\WINDOWS\system32\nnhmdbg.dll (file missing)

O2 - BHO: (no name) - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0} - C:\WINDOWS\system32\xmmoukm.dll

O2 - BHO: (no name) - {3517918D-17DA-45B4-8C71-9EA9CF061C7F} - C:\WINDOWS\system32\ddccd.dll (file missing)

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ddccbaa.dll (file missing)

O2 - BHO: (no name) - {C106C900-48E7-4F5B-97A4-6D184DAD818E} - C:\WINDOWS\system32\gebyy.dll (file missing)

O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)

O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)

O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Scan again with HJT (with all browsers and windows closed) and post the new log in this thread.

jedi

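Added here as an editor's example, not code from the thread or from HijackThis, ComboFix or SDFix: a small Python triage pass over HijackThis-style log lines that applies the criteria jedi used in the post above (BHOs with no name, entries whose file is missing, Winlogon Notify DLLs given as bare filenames, a start page reset to about:blank) and adds a near-miss check for startup binaries imitating system names, which the `svshost.exe` Run entry in the ComboFix log illustrates. The sample log is constructed from lines posted in this thread; the `svshost.exe` O4 line is constructed from the ComboFix Run entry and did not appear in berad's HijackThis output.

```python
import re
from typing import List, Tuple

# HijackThis lines look like "O2 - BHO: <name> - {CLSID} - <path>" or "R0 - <key>,<value> = <url>".
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")
# First path component ending in .exe inside an O4 command string.
EXE_NAME = re.compile(r'([^\\\s"]+\.exe)', re.IGNORECASE)
# Core Windows binaries whose names malware often imitates with a one-character change.
LOOKALIKE_TARGETS = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe")


def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def triage_line(line: str) -> List[str]:
    """Return the list of reasons a single HijackThis line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = HJT_LINE.match(line.strip())
    if not m:
        return reasons
    code, body = m.group("code"), m.group("body")

    # Orphaned autostart entries: the registry still points at a DLL that is gone.
    if code in ("O2", "O20") and "(file missing)" in body:
        reasons.append("orphaned autostart: registered file no longer exists")

    # Legitimate BHOs almost always register a display name; "(no name)" is a common sign of a hijacker.
    if code == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("browser helper object with no name")

    # Winlogon Notify packages given as a bare filename are resolved via the DLL search path.
    if code == "O20" and " - " in body:
        target = body.split(" - ", 1)[1].replace("(file missing)", "").strip()
        if target and not re.match(r"^[A-Za-z]:\\", target):
            reasons.append("Winlogon Notify DLL given as bare filename (loaded via search path)")

    # Run-key entries whose executable is one edit away from a core system binary (e.g. svshost.exe).
    if code == "O4":
        cmd = body.split("]", 1)[1] if "]" in body else body
        exe = EXE_NAME.search(cmd)
        if exe:
            name = exe.group(1).lower()
            for real in LOOKALIKE_TARGETS:
                if within_one_edit(name, real):
                    reasons.append(f"startup binary {name} is a near-miss of system binary {real}")

    # jedi also flagged the HKLM start page being reset to about:blank, a common hijacker leftover.
    if code in ("R0", "R1") and body.rstrip().endswith("= about:blank"):
        reasons.append("start page reset to about:blank (common hijacker leftover)")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every line in a HijackThis log that trips at least one rule."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Constructed sample: lines taken from the logs in this thread, plus one constructed O4 line
# modelled on the "svshost.exe" HKCU Run entry ComboFix reported.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.acpe.edu.au/exchange/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B29CFF0-5F24-92DD-68B8-07EF78E126FF} - C:\WINDOWS\system32\nnhmdbg.dll (file missing)
O2 - BHO: (no name) - {1DE045C2-CF5A-AE8F-331B-0B238F3FA1F0} - C:\WINDOWS\system32\xmmoukm.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [svshost.exe] C:\WINDOWS\system32\svshost.exe
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run as-is it prints the six suspicious lines from the sample with their reasons; the named Adobe BHO, the Apoint Run entry, the Intel service and the webmail start page pass untouched.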

OK, here is that part done.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:12:04 AM, on 4/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Documents and Settings\Brad\My Documents\Program Folders\HiJackThis_v2.exe

C:\Program Files\internet explorer\iexplore.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.acpe.edu.au/exchange/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\PROGRA~1\mcafee.com\mps\POPUPK~1.DLL

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSKAGENTEXE] c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://berad21.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149514740546

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...925/mcfscan.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 11549 bytes


Hi again,

 

OK, that log looks clean, how's the PC running now?

 

jedi

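The "looks clean" call above was made by reading the log by eye. The script below is an added example, not from the thread and not part of HijackThis, of how a helper would triage the same O4, O9, O16 and O23 line shapes mechanically. The heuristics are my own assumptions about what earns a second look (an autorun launched from a temp or profile directory, a system-binary name outside C:\WINDOWS, a "(file missing)" orphan, an ActiveX (DPF) download from a bare IP, a service with no publisher string); a hit means "go check that file", not "infected". The sample lines are constructed: most mirror entries from the log above, while the Temp\svchost.exe autorun and the 192.0.2.10 (TEST-NET) DPF line are hypothetical so the checks have something to fire on.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List
from urllib.parse import urlparse

# Constructed sample in HijackThis line format (see lead-in for which lines are hypothetical).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Loader) - http://192.0.2.10/x/load.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Editor's assumptions: directories malware likes to run from, and binary names
# that belong under C:\WINDOWS and are suspicious anywhere else.
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\local settings\\", "\\application data\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe", "explorer.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


def _exe_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line, dropping quotes and arguments."""
    m = EXE_RE.search(command)
    return m.group("exe").lower() if m else command.strip('"').lower()


def _in_temp_dir(path: str) -> bool:
    return any(t in path for t in TEMP_DIRS)


def _system_name_elsewhere(path: str) -> bool:
    name = path.rsplit("\\", 1)[-1]
    return name in SYSTEM_NAMES and not path.startswith("c:\\windows\\")


def _host_is_bare_ip(url: str) -> bool:
    host = urlparse(url).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str) -> List[Finding]:
    """Return the lines that deserve a manual look, with the reason for each."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(file missing)" in line:
            findings.append(Finding(line.split(" ", 1)[0], "target file missing (orphaned entry)", line))
            continue
        if m := O4_RE.match(line):
            exe = _exe_path(m.group("cmd"))
            if _in_temp_dir(exe):
                findings.append(Finding("O4", "autorun launched from a temp/profile directory", line))
            if _system_name_elsewhere(exe):
                findings.append(Finding("O4", "system binary name outside C:\\WINDOWS", line))
        elif m := O16_RE.match(line):
            if _host_is_bare_ip(m.group("url")):
                findings.append(Finding("O16", "ActiveX download from a bare IP address", line))
        elif m := O23_RE.match(line):
            if m.group("owner").lower() == "unknown owner":
                findings.append(Finding("O23", "service with no publisher string; verify the binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it over a saved log (`triage(open("hijackthis.log").read())`) and expect a short list rather than a verdict; a quiet log such as the one posted above produces one hit at most, the orphaned xpnetdiag.exe button, which the regexes here classify as an orphan rather than as a threat.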

Hi again,

 

OK, that log looks clean, how's the PC running now?

 

jedi

 

 

hey,

it seems to be working heaps smoothly.

so far no redirections when surfing google

thanks so much for your help!


You're welcome. :D

 

In order to be better protected in the future, I recommend the following programs:

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

Also install the MVPS hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

which blocks innocent-looking sites that are not so innocent.

 

All three are very small free programs that you run once, and then just occasionally to check for updates.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking here http://v4.windowsupdate.microsoft.com/ and following the prompts.

 

Take care.

 

jedi :wave:

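The hosts file cuts both ways. The MVPS file recommended above uses it defensively, pointing ad and malware domains at a loopback or null address so they never resolve; a tampered hosts file, by contrast, is one classic way a PC ends up with the kind of search-engine redirects this thread is about, or with its update and antivirus sites silently blocked. The audit below is an added example, not from the post and not from MVPS. It separates sinkhole entries (127.0.0.1, 0.0.0.0, ::1), which is what a blocklist looks like, from entries that map a real domain to some other address, and additionally flags any sinkholed entry for a watched domain. The Windows hosts path and the watch-list of search and security-vendor domains are my assumptions, and the sample hosts content is constructed.

```python
from ipaddress import ip_address
from typing import List, Tuple

# Assumed default location on Windows XP; adjust for other systems.
WINDOWS_HOSTS = r"C:\WINDOWS\system32\drivers\etc\hosts"
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Editor's assumption: domains an infection would plausibly redirect (search engines)
# or block (update and AV vendors). Extend for your environment.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "live.com", "microsoft.com",
                   "windowsupdate.com", "mcafee.com", "grisoft.com")

# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.net      # MVPS-style block entry: harmless
127.0.0.1       www.example-adserver.com     # older block style, same effect
0.0.0.0         download.mcafee.com          # sinkholing a vendor site: suspicious
192.0.2.44      www.google.com               # real domain sent to TEST-NET: redirect
192.0.2.44      search.yahoo.com
"""

Entry = Tuple[int, str, str]          # (line number, ip, hostname)
Finding = Tuple[int, str, str, str]   # (line number, hostname, ip, reason)


def _watched(host: str) -> bool:
    """Exact or subdomain match against the watch-list (no 'evilgoogle.com' false hits)."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def parse_hosts(text: str) -> List[Entry]:
    """Parse hosts-file syntax: comments after '#', one IP followed by one or more names."""
    entries: List[Entry] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ip_address(parts[0]))   # normalises and rejects junk first columns
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((n, ip, host.lower()))
    return entries


def audit_hosts(text: str) -> List[Finding]:
    """Flag entries that redirect a real domain, and sinkhole entries for watched domains."""
    findings: List[Finding] = []
    for n, ip, host in parse_hosts(text):
        if ip in SINKHOLE_IPS:
            if host in ("localhost", "localhost.localdomain"):
                continue                      # the one entry every hosts file has
            if _watched(host):
                findings.append((n, host, ip, "watched domain sinkholed; update/AV blocking?"))
            continue                          # any other sinkhole entry is a block, not a hijack
        findings.append((n, host, ip, "real domain mapped to a remote address; possible redirect"))
    return findings


def audit_file(path: str = WINDOWS_HOSTS) -> List[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for n, host, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip}: {reason}")
```

A mapping to a non-loopback address is not automatically malicious (an intranet name pinned to a LAN address is legitimate), so the output is a list to read, not a list to delete; the point is that on a home PC a hosts file should contain almost nothing but localhost and sinkhole lines, and anything else explains itself quickly once you look at it.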


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.