Help - Search - Members - Calendar
Full Version: IE loading pages on its own.....
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
egypt23
May 28 2007, 01:12 PM
Hi, my first time on here, but really hope you can help me. Internet Explorer keeps opening up webpages when it isn't even open (I normally use mozilla firefox anyway), and in the history there are some lists of websites it has been on. Not sure if I have virus or trojan or something on pc. Please can you help, I do already have hijack this on my pc, please let me know if you can help and I will post up results.

Thanks a lot!
egypt23
May 28 2007, 01:23 PM
Thought I would do a hijack this report on here now anyway, please help me!! Thanks in advance!!

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\avp.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\smanager.7.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mahmoud\LOCALS~1\Temp\16server.exe
C:\WINDOWS\avp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\avp.exe
C:\DOCUME~1\Mahmoud\LOCALS~1\Temp\syssys.exe
C:\WINDOWS\avp.exe
C:\DOCUME~1\Mahmoud\LOCALS~1\Temp\16look.exe
C:\WINDOWS\avp.exe
C:\DOCUME~1\Mahmoud\LOCALS~1\Temp\3216.exe
C:\Documents and Settings\Mahmoud\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Mahmoud\LOCALS~1\Temp\winlogon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
teacup61
May 28 2007, 02:41 PM
Hello egypt23,

Welcome to Gladiator Security Forum hello.gif

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.


1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please also let me know how yur computer is running now. :)

Thanks,
tea
egypt23
May 29 2007, 08:55 AM
Thanks very much for this, am at work today and its for my pc at home so will do tonight.

Thanks again.
egypt23
May 29 2007, 08:57 AM
Sorry, one quick question, when I download the second link (combo fix), do I have to run this is safe mode as well as the first one (SD Fix).

Cheers!
egypt23
May 29 2007, 07:14 PM
Just done SDFix, here is the report, thanks! Am just gonna do the other one now.


SDFix: Version 1.85

Run by Mahmoud - 29/05/2007 - 20:06:18.42

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
C:\WINDOWS\smanager.7.exe - Deleted
C:\WINDOWS\system32\driver.exe - Deleted
C:\WINDOWS\system32\Kernel32.exe - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe"="C:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\dfbhd.exe:*:Disabled:dfbhd"
"C:\\Documents and Settings\\Mahmoud\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Mahmoud\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Disabled:SopCast Main Application"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\eGames\Alchemist Special Edition\WCSUP.DLL
C:\Program Files\eGames\Blast Thru Special Edition\WCSUP.DLL
C:\Program Files\eGames\Glowing Bugs Special Edition\WCSUP.DLL
C:\Program Files\eGames\Mahjongg Master 2 Special Edition\WCSUP.DLL
C:\Program Files\eGames\Puzzle Master Special Edition\WCSUP.DLL
C:\Program Files\eGames\Solitaire_Vol4\WCSUP.DLL
C:\i386\25971BB0AD.sys
C:\i386\KGyGaAvL.sys
C:\WINDOWS\system32\25971BB0AD.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Program Files\Google\Google Desktop Search\BIT2B.tmp

Finished
egypt23
May 29 2007, 07:28 PM
This is the report from the combo fix below. Will do the hijack this again now. and post in a bit.

"Mahmoud" - 2007-05-29 20:20:18 Service Pack 2 [SAFE MODE]
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Mahmoud\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\avp.exe"
"C:\WINDOWS\smanager.7.exe"
"C:\WINDOWS\system32\klikalka.exe"
"C:\WINDOWS\system32\drivers\sfsync02.sys"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-29 20:22 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-05-29 20:13 28,160 --a------ C:\WINDOWS\system32\driver.exe
2007-05-28 14:59 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-28 14:53 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-05-28 14:53 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-05-28 14:53 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-05-28 14:53 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-05-28 14:53 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-05-28 14:53 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-05-28 14:53 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-28 14:53 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-05-28 14:53 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-05-28 14:53 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-05-28 14:53 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-05-28 14:53 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-28 14:53 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-05-28 14:53 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-05-28 14:53 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-05-28 14:53 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-05-28 14:53 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-05-28 14:53 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-05-28 14:53 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-05-28 14:53 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-05-28 14:53 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-05-28 14:53 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-05-28 14:53 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-05-28 14:53 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-05-28 14:53 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-05-28 14:53 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-05-28 14:53 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-05-28 14:53 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-05-28 14:53 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-05-28 14:53 32,866 --------- C:\WINDOWS\slrundll.exe
2007-05-28 14:53 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-05-28 14:53 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-05-28 14:53 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-05-28 14:53 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-05-28 14:53 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-05-28 14:53 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-05-28 14:53 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-05-28 14:53 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-05-28 14:53 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-05-28 14:53 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-05-28 14:53 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-05-28 14:53 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-05-28 14:53 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-05-28 14:53 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-05-28 14:53 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-05-28 14:53 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-05-28 14:53 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-05-28 14:53 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-05-28 14:53 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-05-28 14:53 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-05-28 14:53 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-05-28 14:53 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-05-28 14:53 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-05-28 14:53 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-05-28 14:53 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-05-28 14:53 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-05-28 14:53 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-05-28 14:53 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-05-28 14:53 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-05-28 14:53 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-05-28 14:53 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-05-28 14:53 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-05-28 14:53 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-05-28 14:53 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-05-28 14:53 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-05-28 14:53 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-05-28 14:53 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-05-28 14:53 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-05-28 14:53 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-05-28 14:53 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-05-28 14:53 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-05-28 14:53 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-05-28 14:53 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-05-28 14:53 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-05-28 14:53 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-05-28 14:53 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-05-28 14:53 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-05-28 14:53 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-05-28 14:53 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-05-28 14:53 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-05-28 14:53 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-05-28 14:53 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-05-28 14:53 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-05-28 14:53 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-05-28 14:53 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-05-28 14:53 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-05-28 14:53 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-05-28 14:53 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-05-28 14:53 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-05-28 14:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-05-28 14:46 <DIR> d-------- C:\WINDOWS\EHome
2007-05-28 13:32 <DIR> d-------- C:\Program Files\Macrovision
2007-05-28 13:30 <DIR> d-------- C:\DOCUME~1\Mahmoud\APPLIC~1\InstallShield
2007-05-28 09:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-27 22:58 <DIR> d-------- C:\DOCUME~1\Mahmoud\APPLIC~1\TrojanHunter
2007-05-27 22:51 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-05-27 22:05 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-27 22:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gtek
2007-05-27 22:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-05-27 22:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-05-27 22:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-05-27 20:58 <DIR> d-------- C:\Documents and Settings\Mahmoud\.housecall6.6
2007-05-27 20:58 <DIR> d-------- C:\DOCUME~1\Mahmoud\.housecall6.6
2007-05-13 14:02 <DIR> d-------- C:\Program Files\SopCast
2007-05-13 14:02 <DIR> d-------- C:\DOCUME~1\Mahmoud\APPLIC~1\SopCast


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 12:31:55 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 12:09:30 -------- d-----w C:\Program Files\McAfee
2007-05-27 20:33:16 -------- d-----w C:\Program Files\Dl_cats
2007-05-27 20:07:19 -------- d-----w C:\Program Files\Google
2007-05-26 19:02:19 -------- d-----w C:\Program Files\Egyptian Arabic Vocab Clinic 2.0
2007-05-26 16:47:13 -------- d-----w C:\DOCUME~1\Mahmoud\APPLIC~1\SiteAdvisor
2007-05-21 14:59:53 -------- d-----w C:\Program Files\Digital Line Detect
2007-05-21 14:56:24 -------- d-----w C:\Program Files\Bricks Of Egypt 2
2007-05-21 14:56:08 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-04-13 21:43:33 -------- d-----w C:\Program Files\Star Defender 2
2007-04-13 20:06:17 -------- d-----w C:\Program Files\SiteAdvisor
2007-04-10 18:10:23 -------- d-----w C:\Program Files\LimeWire
2007-04-09 21:58:18 6,112 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-09 21:58:03 104 --sh--r C:\WINDOWS\system32\25971BB0AD.sys
2007-04-05 19:02:26 -------- d-----w C:\DOCUME~1\Mahmoud\APPLIC~1\Alive Games
2007-03-31 18:19:04 -------- d-----w C:\Program Files\McAfee.com
2007-03-31 17:01:04 -------- d-----w C:\Program Files\Common Files\McAfee
2007-03-28 22:20:17 2,368 ----a-w C:\WINDOWS\system32\STEC3.sys
2007-03-26 18:33:52 160,411 ----a-w C:\WINDOWS\English4Today studyGuide 1 Uninstaller.exe
2007-03-25 12:36:17 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-03-25 12:35:25 363,980 ----a-w C:\WINDOWS\1-fe5e180d56ed9c233080898276c260cc.exe
2007-03-19 21:55:55 246,992 ----a-w C:\Program Files\VkeyInst.EXE
2007-03-05 23:01:50 94,208 ----a-w C:\WINDOWS\system32\ScrUnZip.dll
2007-03-05 22:56:55 352,256 ----a-w C:\WINDOWS\system32\IJL15.dll
2007-03-05 22:50:24 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-03-03 17:20:23 18,895,728 ----a-w C:\Program Files\Install_Messenger.exe
2007-03-02 20:12:01 159,740 ----a-w C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
2007-03-02 20:10:48 782,504 ----a-w C:\Program Files\Google Updater.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215}=C:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 16:41]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 05:20]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 03:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-08 12:27]
"dlcgmon.exe"="C:\Program Files\Dell AIO 810\dlcgmon.exe" [2005-10-21 02:42]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-02 21:13]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-02 22:26]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-01-11 08:45]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 05:37]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:56]
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2007-05-11 20:01]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun\autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-05-25 17:30:01 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DFWJJ62J-Rosemary).job
2007-03-31 16:58:57 C:\WINDOWS\tasks\McDefragTask.job
2007-03-31 16:58:55 C:\WINDOWS\tasks\McQcTask.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 20:24:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 20:26:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 20:26

--- E O F ---
egypt23
May 29 2007, 07:40 PM
Below is new hijack this report. uhm.gif Hope you can help me fix my poor pc....

And sorry forgot to say thanks for the welcome to the forum!

Logfile of HijackThis v1.99.1
Scan saved at 20:37:14, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Mahmoud\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
egypt23
May 30 2007, 02:43 PM
Hiya, just an update, the computer seems a lot better, am gonna check again tonight to see if it is still happening......
teacup61
May 31 2007, 02:58 PM
Hello,

Yes, please let me know if you're getting the redirects still, and go ahead and post a fresh HijackThis log.

Thanks,
tea
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.