laurafe

vundo.dll

8 posts in this topic

I have run Spybot S&D and McAfee. McAfee keeps catching PUPs and trojans trying to connect to the internet, including Generic AdClicker.d; FakeAlert-I.dr; Generic Spy.b; Downloader-BCF; Downloader-EV. Spybot S&D has deleted Avenue A, Inc.; FastClick; Win32.Agent.At; and Smithfraud-C Toolbar868 several times. Following is my HijackThis file:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:14:33 AM, on 5/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\PROGRA~1\mcafee.com\vso\OasClnt.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

c:\program files\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142469970140

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...713/mcfscan.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please download Atribune's VundoFix.exe from this site:

http://www.atribune.org/ccount/click.php?id=4 and place it on your desktop.

 

Double-click VundoFix.exe to run it.

 

Click the Scan for Vundo button.

 

Once it's done scanning, click the Remove Vundo button.

 

You will receive a prompt asking if you want to remove the files,

click YES

 

Once you click yes, your desktop will go blank as it starts removing

Vundo.

 

When completed, it will prompt that it will reboot your computer,

click OK.

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

 

=*=

 

Your version of Java is vulnerable to these types of infections, please update.

 

Updating Java

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

 

 

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Include also the report from Dr.Web.

Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Include also the report from Dr.Web.

 

Dr. Web Report:

 

mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;

j5231539.dll;c:\windows\system32;Trojan.Click.2485;Will be cured after reboot.;

lsdysjqk.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;

winrnt32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338;Probably BACKDOOR.Trojan;Incurable.Moved.;

setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1;Probably BACKDOOR.Trojan;Incurable.Moved.;

inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;

win1EC.tmp.exe;C:\Documents and Settings\Laura Fe Echavarria\Local Settings\Temp;Trojan.DownLoader.22225;Deleted.;

aolsetup.exe;C:\Program Files\AIM6\services\softwareUpdate\ver2_13_13_7;Probably BACKDOOR.Trojan;Incurable.Moved.;

mcinst.exe;C:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;Incurable.Moved.;

mps.exe;C:\Program Files\McAfee\MPS;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;

edfdxfub.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

libiis.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

llvhpnqx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

mchixssj.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

pmnnm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

tpwdiuxx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;

j5231539.dll;C:\WINDOWS\system32;Trojan.Click.2485;Will be cured after reboot.;

lsdysjqk.dll;C:\WINDOWS\system32;Adware.Crew;;

lsfnceqk.exe;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

qnxdlfgs.exe;C:\WINDOWS\system32;Trojan.Click.2485;Deleted.;

winrnt32.dll;C:\WINDOWS\system32;Trojan.DownLoader.22758;Will be cured after reboot.;

win15D6.tmp.exe;C:\WINDOWS\Temp;Trojan.Mezzia;Deleted.;

win15DE.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.22225;Deleted.;

win16B3.tmp.exe;C:\WINDOWS\Temp;Trojan.Mezzia;Deleted.;

win16BC.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.22225;Deleted.;

 

------------------------------------------------------------------

 

VundoFix V4.2.33

 

Checking Java version...

 

Java version is 1.4.2.3

 

Java version is 1.5.0.6

 

Scan started at 9:56:12 AM 3/15/2006

 

Listing files found while scanning....

 

 

C:\WINDOWS\system32\hjllm.bak1

C:\WINDOWS\system32\hjllm.bak2

C:\WINDOWS\system32\hjllm.tmp

Attempting to delete C:\WINDOWS\system32\hjllm.bak1

C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hjllm.bak2

C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\hjllm.tmp

C:\WINDOWS\system32\hjllm.tmp Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.4.2

 

Checking Java version...

 

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

 

Scan started at 5:39:47 PM 6/5/2007

 

Listing files found while scanning....

 

c:\windows\system\libiis.dll

C:\WINDOWS\system32\bufxdfde.ini

C:\WINDOWS\system32\edfdxfub.dll

C:\WINDOWS\system32\llvhpnqx.dll

C:\WINDOWS\system32\mchixssj.dll

C:\WINDOWS\system32\mnnmp.bak1

C:\WINDOWS\system32\mnnmp.bak2

C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\pmnnm.dll

C:\WINDOWS\system32\tpwdiuxx.dll

C:\WINDOWS\system32\xxuidwpt.ini

 

Beginning removal...

 

Attempting to delete c:\windows\system\libiis.dll

c:\windows\system\libiis.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bufxdfde.ini

C:\WINDOWS\system32\bufxdfde.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\edfdxfub.dll

C:\WINDOWS\system32\edfdxfub.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\llvhpnqx.dll

C:\WINDOWS\system32\llvhpnqx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mchixssj.dll

C:\WINDOWS\system32\mchixssj.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mnnmp.bak1

C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mnnmp.bak2

C:\WINDOWS\system32\mnnmp.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mnnmp.ini

C:\WINDOWS\system32\mnnmp.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\pmnnm.dll

C:\WINDOWS\system32\pmnnm.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tpwdiuxx.dll

C:\WINDOWS\system32\tpwdiuxx.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\xxuidwpt.ini

C:\WINDOWS\system32\xxuidwpt.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

------------------------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 8:02:52 PM, on 6/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Documents and Settings\All Users\Application Data\mlqdmbkf.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\WINDOWS\system32\dllhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {360A2B83-EEA8-4CB4-8C02-EF726F76D5DE} - C:\WINDOWS\system32\pmnnm.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [mlqdmbkf.exe] C:\Documents and Settings\All Users\Application Data\mlqdmbkf.exe

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\edfdxfub.dll",realset

O4 - HKLM\..\Run: [j5231539] rundll32 C:\WINDOWS\system32\j5231539.dll sook

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142469970140

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...713/mcfscan.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

 

------------------------------------------------------------------

 

Now there are popups for Ultimate Defender 2007 when I open the web...

 

thank you !

Edited by laurafe


Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Please remember to uninstall all old versions of Sun Java with the Add/Remove Programs applet.

If these versions are present, delete them.

J2SE Runtime Environment 4.x.x

J2SE Runtime Environment 5.x.x

 

The latest is 1.6.x

 

=*=

 

Do you have Netpumper or Bitgrabber or BitRoll installed? If so, uninstall them via Start > Settings > Control Panel > Add/Remove Programs. This is because they are bundled with the malware you are dealing with (swizzor aka lop).

Also look if next are present in software > add/remove programs and uninstall them:

 

CiD Help / CiD Manager

Download Plugin for Internet Explorer

Zone Media

 

In case, during uninstall, when asked for the uninstall Verification, please enter the numbers that will appear in the window

 

Then reboot. Important!

 

After reboot,

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

O2 - BHO: (no name) - {360A2B83-EEA8-4CB4-8C02-EF726F76D5DE} - C:\WINDOWS\system32\pmnnm.dll (file missing)

O4 - HKLM\..\Run: [mlqdmbkf.exe] C:\Documents and Settings\All Users\Application Data\mlqdmbkf.exe

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\edfdxfub.dll",realset

O4 - HKLM\..\Run: [j5231539] rundll32 C:\WINDOWS\system32\j5231539.dll sook

O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)

O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

 

Click on Fix Checked when finished and exit HijackThis.

 

Delete these files in bold if found.

 

C:\Documents and Settings\All Users\Application Data\mlqdmbkf.exe

C:\WINDOWS\system32\edfdxfub.dll

C:\WINDOWS\system32\j5231539.dll

 

Restart the computer again.

 

* Download Deljob.exe and save it on your desktop.

Double-click Deljob.exe.

 

A log, (logit.txt) should open afterwards. This log will be present on your desktop

Post the contents of the logfile in your next reply together with a new Hijackthis log.

 

Let me know what problem remains.

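The triage behind the fix list in the post above, as an added example that is not part of the original thread: it parses HijackThis O2, O4 and O20 entries, flags those marked "(file missing)", and cross-references the modules they load against the file names in the Dr.Web report. The sample lines are a subset copied from the logs posted in this thread; the function names, the two flagging rules and the handling of the .bad suffix are assumptions of this example, not how HijackThis, VundoFix or Dr.Web work internally.

```python
import re

# Constructed sample: a subset of lines copied from the logs posted in this thread.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {360A2B83-EEA8-4CB4-8C02-EF726F76D5DE} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [mlqdmbkf.exe] C:\Documents and Settings\All Users\Application Data\mlqdmbkf.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\edfdxfub.dll",realset
O4 - HKLM\..\Run: [j5231539] rundll32 C:\WINDOWS\system32\j5231539.dll sook
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: vturrqn - vturrqn.dll (file missing)
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
"""

DRWEB_REPORT = r"""
j5231539.dll;c:\windows\system32;Trojan.Click.2485;Will be cured after reboot.;
winrnt32.dll;c:\windows\system32;Trojan.DownLoader.22758;Will be cured after reboot.;
lsdysjqk.dll;c:\windows\system32;Adware.Crew;Incurable.Moved.;
edfdxfub.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
pmnnm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
"""

# One pattern per HijackThis section handled here (O2 = BHO, O4 = Run keys,
# O20 = Winlogon Notify). Other sections are ignored by this example.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$"),
}
MODULE_RE = re.compile(r'([^\\/"\s,]+\.(?:dll|exe))', re.IGNORECASE)
LAUNCHERS = {"rundll32.exe"}  # host process, not the module it loads
MISSING = "(file missing)"


def parse_hijackthis(text):
    """Yield one dict per O2/O4/O20 line: code, name, modules, missing."""
    for line in text.splitlines():
        line = line.strip()
        code = line.split(" - ", 1)[0]
        pattern = PATTERNS.get(code)
        match = pattern.match(line) if pattern else None
        if not match:
            continue
        target = match.group("target")
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].strip()
        modules = [m.lower() for m in MODULE_RE.findall(target)]
        yield {
            "code": code,
            "name": match.group("name"),
            "modules": [m for m in modules if m not in LAUNCHERS],
            "missing": missing,
        }


def parse_drweb(text):
    """Map lower-cased file name to verdict from 'name;dir;verdict;action;' rows."""
    detections = {}
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 3 or not fields[0]:
            continue
        name = fields[0].lower()
        # Assumption: rows under "VundoFix Backups" are renamed copies, so
        # "pmnnm.dll.bad" refers to the module originally named "pmnnm.dll".
        if name.endswith(".bad"):
            name = name[:-4]
        detections[name] = fields[2]
    return detections


def triage(hjt_text, drweb_text):
    """Return (code, name, reasons) for autostart entries worth reviewing."""
    detections = parse_drweb(drweb_text)
    findings = []
    for entry in parse_hijackthis(hjt_text):
        reasons = []
        if entry["missing"]:
            reasons.append("orphaned: file missing")
        for module in entry["modules"]:
            if module in detections:
                reasons.append(f"{module} detected as {detections[module]}")
        if reasons:
            findings.append((entry["code"], entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for code, name, reasons in triage(HJT_LOG, DRWEB_REPORT):
        print(f"{code:<4}{name:<12}{'; '.join(reasons)}")
```

The two rules reproduce five of the six entries in the fix list; the mlqdmbkf.exe Run entry matches neither, so it still depends on an analyst recognising it.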

All previous Java versions were deleted and only Java SE Runtime Environment 6 Update 1 is listed in the Add/Remove Programs applet.

 

Neither Netpumper, Bitgrabber, nor BitRoll was found to be installed. Also, neither CiD Help / CiD Manager, Download Plugin for Internet Explorer, nor Zone Media was present.

 

Once rebooted, I ran HijackThis and found, checked, and fixed all files listed above.

 

I deleted mlqdmbkf.exe, however, edfdxfub.dll and j5231539.dll were not found.

 

I rebooted again and ran Deljob.exe.

 

The only problem I seem to be having now is that when I reboot a RUNDLL error message pops up at startup that states "error loading CTMBHA.DLL; Invalid Access to memory location".

 

Following are my log files:

 

--------------------------------------------------------

No LOP jobs found

--------------------------------------------------------

Files remaining after cleaning

 

McAfee.com Scan for Viruses - My Computer (LAURAFE-Laura Fe Echavarria).job

McDefragTask.job

McQcTask.job

--------------------------------------------------------

App data folders

 

Volume in drive C has no label.

Volume Serial Number is 9C0E-69B8

 

Directory of C:\Documents and Settings\Laura Fe Echavarria\Application Data

 

05/25/2007 08:39 AM <DIR> .

05/25/2007 08:39 AM <DIR> ..

02/09/2006 03:03 PM <DIR> acccore

04/12/2006 03:33 PM <DIR> Adobe

02/02/2007 03:39 PM <DIR> AdobeUM

04/19/2007 11:14 AM <DIR> Ahead

10/08/2006 07:03 PM <DIR> Corel

02/14/2006 09:10 PM <DIR> CORELP~1 Corel Photo Album

06/30/2006 05:16 PM <DIR> CYBERL~1 CyberLink

05/25/2007 08:39 AM <DIR> GLOBAL~1 GlobalSCAPE

02/06/2006 08:48 PM <DIR> Google

02/06/2006 08:43 PM <DIR> Gtek

08/16/2005 06:50 AM <DIR> IDENTI~1 Identities

03/11/2007 09:25 AM <DIR> Lavasoft

02/22/2006 11:01 PM <DIR> LEADER~1 Leadertech

02/08/2006 09:16 PM <DIR> MACROM~1 Macromedia

03/15/2007 03:48 PM <DIR> MICROS~1 Microsoft

10/04/2006 02:19 AM <DIR> Real

02/22/2006 11:03 PM <DIR> Sonic

02/06/2006 08:26 PM <DIR> Sun

0 File(s) 0 bytes

20 Dir(s) 53,516,845,056 bytes free

Volume in drive C has no label.

Volume Serial Number is 9C0E-69B8

 

Directory of C:\Documents and Settings\All Users\Application Data

 

06/09/2007 05:56 PM <DIR> .

06/09/2007 05:56 PM <DIR> ..

02/02/2007 06:02 PM <DIR> Adobe

03/04/2007 06:23 PM <DIR> AOL

03/04/2007 06:22 PM <DIR> AOLDOW~1 AOL Downloads

03/04/2007 06:25 PM <DIR> AOLOCP~1 AOL OCP

02/06/2006 08:33 PM <DIR> CREATI~1 Creative Labs

05/28/2007 01:23 PM <DIR> Google

05/28/2007 04:44 PM <DIR> GTek

02/06/2006 08:41 PM <DIR> INSTAL~1 InstallShield

06/05/2007 12:02 PM <DIR> McAfee

06/05/2007 09:30 AM <DIR> McAfee.com

03/11/2007 09:25 AM <DIR> MICROS~1 Microsoft

06/13/2006 08:50 PM <DIR> PopCap

02/06/2006 08:40 PM <DIR> QUICKT~1 QuickTime

06/09/2007 05:34 PM <DIR> Ringo

03/09/2006 08:33 PM <DIR> SPYBOT~1 Spybot - Search & Destroy

05/11/2007 02:40 AM <DIR> Support.com

02/25/2006 03:38 AM <DIR> WINDOW~1 Windows Genuine Advantage

06/04/2007 09:46 PM <DIR> WinZip

0 File(s) 0 bytes

20 Dir(s) 53,516,845,056 bytes free

--------------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 6:08:19 PM, on 6/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\McAfee\MPS\mps.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\McAfee\MPS\mpsevh.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142469970140

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...713/mcfscan.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

 

 

Thank you, once again, for all your help. :thumbsup:


Nice work, your log is clean.

 

Please read this Prevention page with lots of info and tips on how to prevent this in the future.

http://users.telenet.be/bluepatchy/miekiem...prevention.html

 

The error message with CTMBHA.DLL is probably due to a corrupt file, or you need the newer version. It's related to the Creative Audigy line of sound cards from Creative Technology Ltd. If you have the installation disk for your sound card, see if you can replace the file on your computer. If the problem remains, then you would need a new version.

 

 

You can fix this item with HijackThis and then restart the computer.

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

 

The error will stop, but you may lose some functionality with the sound card. In any event, it's not presently loading.

Do you have any current problems with your sound card? If not, then fix it. Some people think that it's not required.

 

 

You can always restore the item if fixing it gives you some problem with the sound.

Open HijackThis. In the bottom right, click on Config | Backups, then highlight the entry and click on Restore.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.