1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need Help - nnnmjii.dll - Here is the log of ComboFix

Discussion in 'Virus & Other Malware Removal' started by ketsh, Jul 15, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. ketsh

    ketsh Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    2
    Hi ALl,
    Here is the log of ComboFix, i am facing lots of issues with my machines, popup windows, slow, lot of torjons are there. Need help fixing them.
    Please help..
    Best Regards,
    Ketsh

    Following is the log of ComboFix

    "ketans" - 2007-07-15 12:37:58 - ComboFix 07-07-04.4 - Service Pack 2 [SAFE MODE]


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\nnnmjii.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    C:\WINDOWS\system32\nnnmjii.dll

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ketans\APPLIC~1.\mcroso~1.net
    C:\DOCUME~1\ketans\APPLIC~1.\mcroso~1.net\winlogon.exe
    C:\DOCUME~1\ketans\Desktop.\Install WinAntiSpyware 2007 .lnk
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\ComPlus Applications\lazuq.dll
    C:\Program Files\mmsassist
    C:\Program Files\mmsassist\mms.ini
    C:\Program Files\Outlook Express\honewazeh83122.dll
    C:\WINDOWS\offun.exe
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\dobe~1\?hkntfs.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\ioncce.dll
    C:\WINDOWS\system32\wincom32.ini
    C:\WINDOWS\system32\wincom32.sys
    C:\WINDOWS\uninst2.htm
    C:\WINDOWS\unist1.htm


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINCOM32
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\core
    -------\Net Agent
    -------\WINCOM32


    ((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))


    2007-07-15 12:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-15 00:57 626,352 -r-hs---- C:\WINDOWS\kqrysjyA.exe
    2007-07-15 00:56 31,254 --------- C:\WINDOWS\system32\nnnmjii.dll
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\driver
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B5
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B4
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B3
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B2
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B1
    2007-07-15 00:56 <DIR> d-------- C:\WINDOWS\system32\B0
    2007-07-05 23:27 <DIR> d-------- C:\Program Files\MTV Networks
    2007-07-05 22:23 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-07-04 10:30 <DIR> d-------- C:\VundoFix Backups
    2007-06-29 12:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    2007-06-29 10:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-06-27 23:04 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
    2007-06-26 22:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-06-26 18:47 <DIR> d-------- C:\Temp


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-06 06:20:18 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-07-04 17:48:43 -------- d-----w C:\Program Files\PCFriendly
    2007-07-04 02:56:16 -------- d--h--w C:\Program Files\WindowsUpdate
    2007-06-29 23:10:06 -------- d-----w C:\Program Files\Google
    2007-06-27 05:41:56 -------- d-----w C:\DOCUME~1\ketans\APPLIC~1\Yahoo!
    2007-06-27 05:40:17 -------- d-----w C:\Program Files\Yahoo!
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 05:43:44 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2004-12-13 13:26 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-30 12:34 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-11-09 16:21 440056 --a------ C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]
    2007-07-15 00:56 31254 --------- C:\WINDOWS\system32\nnnmjii.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
    C:\WINDOWS\system32\WinNB57.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-07-07 17:27 493856 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 04:17]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 00:54]
    "PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 04:03]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 19:01]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 18:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-30 12:34]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 13:04]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 12:56]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{941508F8-CCD9-44E0-AC29-4F1E141373F7}"="C:\WINDOWS\system32\nnnmjii.dll" [2007-07-15 00:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjii]
    nnnmjii.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    c:\WINDOWS\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\tmp_6.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background


    Contents of the 'Scheduled Tasks' folder
    2007-07-15 17:32:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-15 12:43:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-15 12:46:41 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-15 12:46

    --- E O F ---
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. ketsh

    ketsh Thread Starter

    Joined:
    Jul 15, 2007
    Messages:
    2
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:28, on 2007-07-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    D:\oracle\ora92\bin\omtsreco.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\1XConfig.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\SBC LightSpeed Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - C:\WINDOWS\system32\nnnmjii.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC LightSpeed Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b2e39d9ca3e04f39bb56f150dcc3fdab
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b2e39d9ca3e04f39bb56f150dcc3fdab
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Subscribe in default RSS reader - C:\Documents and Settings\ketans\Application Data\RssBandit\iecontext_subscribefeed.htm
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.adgate.info (HKLM)
    O15 - Trusted Zone: *.adsextend.net (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: *.matcash.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://lexicon/projectserver/objects/pjclient.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1183518724353
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183518706477
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://lexicon/projectserver/objects/1033/pjcintl.cab
    O16 - DPF: {EEA8A033-84D3-4CA9-9C12-3697347D0FD3} (Web Conferencing Pro Application Sharing Control) - http://www.connexpresents.com/atc/signedshare-plugin_1,32,0,51.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fusion-pune.local
    O17 - HKLM\Software\..\Telephony: DomainName = fusion-pune.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fusion-pune.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fusion-pune.local
    O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_6.dll
    O20 - Winlogon Notify: nnnmjii - C:\WINDOWS\SYSTEM32\nnnmjii.dll
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - D:\oracle\ora92\BIN\ONRSD.EXE

    --
    End of file - 10343 bytes
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    download http://www.mvps.org/winhelp2002/DelDomains.inf with I.E.

    Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
    ===========

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596198

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice