#Thanks for looking at this Dedrater

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:36:24, on 23/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASRock Utility\InstantBoot\InstantBoot.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter .exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe
C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe
C:\Users\Niall\Downloads\mseinstall.exe
d:\0508b215c7b186627e03fcbbf6d8\epplauncher.exe
d:\0508b215c7b186627e03fcbbf6d8\x86\Setup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [jkss.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [jkss.exe] C:\Program Files\Common Files\Microsoft Shared\Web Components\cffmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt. exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 6328 bytes

 

There is no viruses or any malware running it would seem, I don't know what this is though..

d:\0508b215c7b186627e03fcbbf6d8\x86\Setup.exe, may be related to your sony ericsson phone?

I know this one sounds dodgy, but is safe, it is installed with the HTC sync software.

C:\Program Files\Common Files\Teleca Shared\logger.exe

Type services.msc in search and see if Microsoft Antimalware service is set to automatic, if it is, then the next thing I would do is manually uninstall the program..

http://support.microsoft.com/kb/2435760/

then reinstall. Have you had any other AV software on this computer in the past?

 

Something is def up. I couldn't install Avira or avg just now. I keep getting redirected to random webpages too .. never had any other AV except Mse mate. Also haven't had a Sony phone in long long time, wouldn't have any drivers for one installed ever..

 

Stupid HTC desire predictible keyboard lol!

I also tried uninstalling MSE , that was no problem but I wasnt allowed install it again .

Kept getting stuck near the final stages and wouldnt progress any further ...


d:\0508b215c7b186627e03fcbbf6d8\x86\Setup.exe just appeared out of nowhere on my D drive

I deleted it yesterday

 

Hi there try download Malwarebytes' Anti-Malware from this website http://www.malwarebytes.org/ and run at Safe Mode,this will delete any suspicious files from your PC.



Jura

 

Type msconfig in the search programs and files box, on the general tab, uncheck load startup items (you will need to select selected startup first) then go to the Services tab, tick the box that says Hide all microsoft services uncheck them all for now (leave the wireless card alone if it is listed)

Reboot, try install again.

 

Also, check the Windows Installer service is running, again from the services tab, you would need to check the box at the bottom to show ms services if you unchecked it.

 

Thanks Jura , I ran MWB yesterday , it picked up one infection and took care of it

Dedrater I ran a prog called hitmanpro in safe mode and it found the mother ..

CFFMON.EXE
Its quarintined now and im able to install any a/v I feel like

Im still getting redirected to dodgy websites tho :/

Many thanks for all the help and suggestions!

 

You can try Combofix http://www.combofix.org/ and you will see....
I have before same problem on my brother PC and i run just Combofix and after this everything working like charm....



Jura

 

Jura

You're the man thanks

That did the trick

 

Don't worry matey



Jura

 

I have always run AVG internet security for the last 4 years and bever once have i had a problem on any PCs i use it on (about 15), I just don't see why people want to run Free AV programs.. lets face it, would you run free brake pads on your car??

For only about 20p per machine per month you get full firewall and AV solution. Never had a problem with it and neither have a number of colleges.

Just my 2p'ce worth really..