Error On Laptop - Vista WLLogin Proxy Closing, Popups Appearing, IE Explorer Slow,

 
 
gaminglegend
Guest
Posts: n/a

 
      07-26-2008

Hi there, I'm considering a huge problem with my laptop after transferring
programs from PC.

IE Explorer is running 2 processes at once according to task manager
showing this - yet only one internet explorer is running.

WLLogin Proxy is closing down constantly.

- Popups keep appearing all over the internet.

- The internet is now generally slow, as is some of the PC.

Here is the HijackThis log:

Code:
--------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:59:31, on 26/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\DELL\E-Center\EULALauncher.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Users\Guest\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 'Dell Start Page' (http://www.google.co.uk/ig/dell?hl=e...uk&ibd=3080629)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 'Google' (http://www.google.co.uk/)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 'MSN.com' (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 'Live Search' (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 'MSN.com' (http://go.microsoft.com/fwlink/?LinkId=69157)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {2BAA4919-100F-404E-B820-52EC998AA9AC} - C:\Users\Westy\AppData\Local\Temp\ddcAqNed.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {0f53b9ec-41dc-7b7b-b824-b2f0fabd58db} - {bd85dbaf-0f2b-428b-b7b7-cd14ce9b35f0} - C:\Windows\system32\qcqnyi.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnomkLC.dll,#1
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Guest\AppData\Local\Temp\cbXRJAPH.dll,#1
O4 - HKUS\S-1-5-21-2405008399-3471037823-3852506121-501\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-2405008399-3471037823-3852506121-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2405008399-3471037823-3852506121-501\..\Run: [MSServer] rundll32.exe C:\Users\Guest\AppData\Local\Temp\cbXRJAPH.dll,#1 (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/s...wserPlugin.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 10172 bytes

--------------------

I've run ADAWARE, MCAFEE, WINDOWS DEFENDER, A SQUARED, BITDEFENDER and
eliminated the files/quarantined but nothing has changed. Please help.
I'm a


--
gaminglegend
 
 
 
 
 
John D. Sheridan
Guest
Posts: n/a

 
      07-26-2008
I see 3 entries that you might wish to investigate:

O2 - BHO: (no name) - {2BAA4919-100F-404E-B820-52EC998AA9AC} -
C:\Users\Westy\AppData\Local\Temp\ddcAqNed.dll (file missing)
O2 - BHO: {0f53b9ec-41dc-7b7b-b824-b2f0fabd58db} -
{bd85dbaf-0f2b-428b-b7b7-cd14ce9b35f0} - C:\Windows\system32\qcqnyi.dll
O4 - HKUS\S-1-5-21-2405008399-3471037823-3852506121-501\..\Run: [MSServer]
rundll32.exe C:\Users\Guest\AppData\Local\Temp\cbXRJAPH.dll,#1 (User '?')

I am ALWAYS suspicious of anything running from a "Temp" folder. I don't
recognize the .dll in the Windows\System32 folder, and Google does not
return any hits.

The last line looks like you have a variant of the "vundo" trojan.

John





 
Reply With Quote
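The triage reasoning in the reply above, written out as an added Python example (not part of the original thread and not HijackThis's own logic). It re-joins hard-wrapped log lines and flags entries for investigation; the rule names, the ordinal-export rule and the "unnamed BHO in System32" rule are assumptions standing in for the poster's manual judgement, and the sample lines are excerpted from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted in this thread, kept in the
# hard-wrapped form a newsreader produces (one entry may span several lines).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\System32\rundll32.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program
Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {2BAA4919-100F-404E-B820-52EC998AA9AC} -
C:\Users\Westy\AppData\Local\Temp\ddcAqNed.dll (file missing)
O2 - BHO: {0f53b9ec-41dc-7b7b-b824-b2f0fabd58db} -
{bd85dbaf-0f2b-428b-b7b7-cd14ce9b35f0} - C:\Windows\system32\qcqnyi.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe
C:\Windows\system32\opnomkLC.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe
C:\Users\Guest\AppData\Local\Temp\cbXRJAPH.dll,#1
--
End of file - 10172 bytes
"""

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")           # "O4 - ..." style entry
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)                   # any Temp folder component
RUNDLL_ORDINAL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+?\.dll"?,\s*#\d+', re.I)
BHO_RE = re.compile(r"BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYS32_DLL_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O2" or "O4"
    path: str       # binary the entry loads
    reasons: list   # names of the rules that matched (hypothetical names)


def unwrap(text):
    """Re-join wrapped lines so each list item is one complete log entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":                 # log trailer starts here
            break
        if ENTRY_RE.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:        # continuation of a wrapped entry
            current += " " + line
        # lines before the first entry (header, process list) are skipped
    if current is not None:
        entries.append(current)
    return entries


def triage(text):
    """Return a Finding for every entry that matches at least one rule."""
    findings = []
    for entry in unwrap(text):
        code, body = ENTRY_RE.match(entry).groups()
        m = PATH_RE.search(body)
        path = m.group(0) if m else None
        reasons = []
        # Rule from the reply: anything running from a Temp folder.
        if path and TEMP_RE.search(path):
            reasons.append("temp-path")
        # Assumed rule: autorun that has rundll32 call a DLL export by ordinal.
        if code == "O4" and RUNDLL_ORDINAL_RE.search(body):
            reasons.append("rundll32-ordinal")
        # Assumed rule: BHO with no readable name whose DLL sits in System32.
        bho = BHO_RE.match(body) if code == "O2" else None
        if bho and path and SYS32_DLL_RE.match(path):
            name = bho.group(1)
            if name == "(no name)" or GUID_RE.fullmatch(name):
                reasons.append("unnamed-system32-bho")
        if reasons:
            findings.append(Finding(code, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.path, ", ".join(f.reasons))
```

A match only marks an entry for a closer look; the file itself still has to be checked before anything is removed.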
 
gaminglegend
Guest
Posts: n/a

 
      07-26-2008

Right. I think I have deleted those as you said, I ran various spyware
scanners and removed/quarantined the suggested. Here is the most recent
HIJACKTHIS Log. Any more help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.
Scan saved at 17:34:57, on 26/07/200
Platform: Windows Vista SP1 (WinNT 6.00.1905
MSIE: Internet Explorer v7.00 (7.00.6001.18000
Boot mode: Norma
Running processes
C:\Windows\system32\igfxsrvc.ex
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.ex
C:\Windows\system32\Dwm.ex
C:\Windows\Explorer.EX
C:\Program Files\Windows Defender\MSASCui.ex
C:\DELL\E-Center\EULALauncher.ex
C:\Program Files\DellTPad\Apoint.ex
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.ex
C:\Windows\System32\hkcmd.ex
C:\Windows\System32\igfxpers.ex
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.ex
C:\Program Files\Dell\MediaDirect\PCMService.ex
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.ex
C:\Program Files\SiteAdvisor\6261\SiteAdv.ex
C:\Windows\System32\rundll32.ex
C:\Windows\ehome\ehtray.ex
C:\Program Files\Windows Live\Messenger\msnmsgr.ex
C:\Program Files\Digital Line Detect\DLG.ex
C:\Program Files\Dell\QuickSet\quickset.ex
C:\Program Files\DellTPad\ApMsgFwd.ex
C:\Windows\ehome\ehmsas.ex
C:\Program Files\DellTPad\Apntex.ex
C:\Program Files\DellTPad\HidFind.ex
C:\Program Files\Common Files\Microsoft Shared\Window
Live\WLLoginProxy.ex
C:\Windows\system32\taskeng.ex
C:\Program Files\Common Files\Microsoft Shared\Window
Live\WLLoginProxy.ex
C:\Windows\system32\SearchFilterHost.ex
C:\Users\Westy\Desktop\HiJackThis.ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
'Dell Start Page
(http://www.google.co.uk/ig/dell?hl=e...uk&ibd=3080629
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 'Liv
Search' (http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
'Google' (http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int erne
Settings,ProxyOverride = *.loca
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderNam
=
O1 - Hosts: ::1 localhos
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215}
C:\Program Files\SiteAdvisor\6261\SiteAdv.dl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dl
O2 - BHO: (no name) - {81D0FBCE-94A5-4218-B39F-93104E53EB7E}
C:\Users\Westy\AppData\Local\Temp\ddcAqNed.dl
O2 - BHO: Windows Live Sign-in Helper
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Commo
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dl
O3 - Toolbar: Veoh Browser Plug-in
{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veo
Networks\Veoh\Plugins\reg\VeohToolbar.dl
O3 - Toolbar: McAfee SiteAdvisor
{0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Progra
Files\SiteAdvisor\6261\SiteAdv.dl
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Window
Defender\MSASCui.exe -hid
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.ex
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.ex
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Majo
Audio\WDM\sttray.ex
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.ex
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.ex
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matri
Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Progra
Files\McAfee.com\Agent\mcagent.exe /runke
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Suppor
Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [PCMService] "C:\Progra
Files\Dell\MediaDirect\PCMService.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Commo
Files\Nokia\MPlatform\NokiaMServer /watchfile
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Progra
Files\SiteAdvisor\6261\SiteAdv.exe
O4 - HKLM\..\Run: [BM27f739bd] Rundll32.exe
"C:\Windows\system32\pvtrtgnk.dll",s
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows
Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital
Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program
Files\Dell\QuickSet\quickset.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo
Uploader 5) -
http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl
Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin
Object) -
http://download.divx.com/webplayer/s...wserPlugin.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: GoToAssist - C:\Program
Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea
Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program
Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix
Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel
Corporation - C:\Program Files\Intel\Intel Matrix Storage
Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. -
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. -
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. -
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee,
Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. -
C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC
Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program
Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. -
C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program
Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org -
C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown
owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8432 bytes


--
gaminglegend
 