• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
sebamobile

Java.Loader.HLL

6 posts in this topic

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:35:34 p.m., on 31/10/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\cvsnt\cvsservice.exe

C:\Archivos de programa\cvsnt\cvslock.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Archivos de programa\WireLessDeployer\WireLessDeployerAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe

C:\Archivos de programa\WireLessDesigner\WS_Bin\WSServerSvc.exe

C:\Archivos de programa\WireLessStudio\WS_BinV4\WSServerSvcV4.exe

C:\Archivos de programa\WireLessDesigner\WS_Bin\WSStarterSvc.exe

C:\Archivos de programa\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe

C:\Archivos de programa\Xobni\XobniService.exe

C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe

C:\Archivos de programa\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Sebastian\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe

C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe

C:\ARCHIV~1\MICROS~4\rapimgr.exe

C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntupd.exe

C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Microsoft ActiveSync\WCESMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\Sebastian\Escritorio\sebamobile.exe

C:\Archivos de programa\FileZilla\FileZilla.exe

 

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [b Register C:\Archivos de programa\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] "C:\WINDOWS\system32\rundll32.exe" "C:\Archivos de programa\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax",DllRegisterServer

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sebastian\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ARCHIV~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll

O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ARCHIV~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll

O10 - Unknown file in Winsock LSP: c:\archivos de programa\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\archivos de programa\vmware\vmware workstation\vsocklib.dll

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADF1C85-3D4D-4CB4-862E-800F856C7F5C}: NameServer = 93.188.162.131,93.188.160.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{7454CCFD-8477-405E-8848-1BDDB695302E}: NameServer = 93.188.162.131,93.188.160.11

O17 - HKLM\System\CCS\Services\Tcpip\..\{C950D6AA-912B-431A-AF4D-4B9EF89193EC}: NameServer = 93.188.162.131,93.188.160.11

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARCHIV~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CVSNT (CVS) - GNU - C:\Archivos de programa\cvsnt\cvsservice.exe

O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Archivos de programa\cvsnt\cvslock.exe

O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Administrador de Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe

O23 - Service: KpyM Telnet SSH Server v1.18b - Kroum Grigorov - C:\Archivos de programa\KTS\daemon.exe

O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe

O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Stay-Linked Server - Unknown owner - C:\Archivos de programa\Stay-Linked\StayLinkedService.exe (file missing)

O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Archivos de programa\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

O23 - Service: WireLess Deployer Agent (WireLessDeployerAgent) - SofToGo S.A. - C:\Archivos de programa\WireLessDeployer\WireLessDeployerAgent.exe

O23 - Service: WireLessTelNetProxyServer - Unknown owner - C:\Archivos de programa\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe

O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

O23 - Service: WireLess Studio Server Service NT (WSServerSvc) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin\WSServerSvc.exe

O23 - Service: WireLess Studio Server Service V4 (WSServerSvcV4) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessStudio\WS_BinV4\WSServerSvcV4.exe

O23 - Service: WireLess Studio Starter Server Service NT (WSStarterSvc) - SofToGo / Raisonnance S.A. Lyon, France (33) 4 78 66 86 46 / www.raisonnance.fr www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin\WSStarterSvc.exe

O23 - Service: WireLess Studio Starter Server Service V4 (WSStarterSvcV4) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe

O23 - Service: XobniService - Xobni Corporation - C:\Archivos de programa\Xobni\XobniService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/SEBAST~1/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.jpg

 

--

End of file - 10967 bytes

Share this post


Link to post
Share on other sites

Hi,

I'm nasdaq and will be helping you.

 

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

I'm unable to find anything on this file in bold.

C:\Documents and Settings\Sebastian\Escritorio\sebamobile.exe

 

Did your installed it and know what it is?

 

If not please submit the file in bold to the following link for a scan, then post the results in your next message for me to see.

http://www.kaspersky.com/scanforvirus

===

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

    [*]Then click Finish.

    [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    [*]On the Scanner tab:

    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.

    [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

    [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

    [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

    [*]Click OK to close the message box and continue with the removal process.

    [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

    [*]Make sure that everything is checked, and click Remove Selected.

    [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

    [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

    [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

 

Post back with the Malwarebytes Anti-Malware log once it's complete.

===

 

Please run this security check for my review.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

 

Let me know what problem remains.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

 

[REOPENED]

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites

sebamobile

 

I'm listening.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0