Win32.Delf.uc, Win32.Joleee.K

[Raggen]

MadInjection.rtk
Microsoft.WindowsSecurityCenter.FirewallOverride
Microsoft.WindowsSecurityCenter_disabled
Win32.Delf.uc
Win32.Joleee.K

is what S & D found . removde and it allways come back .

who will be my computers saviour ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35, on 2009-03-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Java\jre1.6.0_07\bin\jusched.exe
C:\Program\LogMeIn\x86\LogMeInSystray.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Curse\CurseClient.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe
C:\Program\DAEMON Tools Pro\DTProAgent.exe
C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\LogMeIn\x86\LogMeIn.exe
C:\Program\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\$AVG8.VAULT$\TightVNC\WinVNC.exe
C:\Program\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 77.91.226.116:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {d1cb027d-f4c5-4680-be90-361ae486cfad} - (no file)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [AbyssWebServer] C:\Program\Abyss Web Server\abyssws.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-134171913-2602389368-3177965986-1009\..\RunOnce: [NeroHomeFirstStart] "C:\Program\Delade filer\Nero\Lib\NMFirstStart.exe" (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-134171913-2602389368-3177965986-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program\Delade filer\Nero\Lib\NMFirstStart.exe" (User 'Administratör')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tjxusyri.exe] C:\WINDOWS\tjxusyri.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbxosyze.exe] C:\WINDOWS\dbxosyze.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lfzfbmui.exe] C:\WINDOWS\lfzfbmui.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrffrimu.exe] C:\WINDOWS\jrffrimu.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tjyhyvvd.exe] C:\WINDOWS\tjyhyvvd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [vxvkxthg.exe] C:\WINDOWS\vxvkxthg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdajmvgh.exe] C:\WINDOWS\hdajmvgh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnaidihj.exe] C:\WINDOWS\bnaidihj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdinunwk.exe] C:\WINDOWS\hdinunwk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrfrlazp.exe] C:\WINDOWS\jrfrlazp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbxxglvb.exe] C:\WINDOWS\dbxxglvb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [vxvsziyr.exe] C:\WINDOWS\vxvsziyr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzjxjxpt.exe] C:\WINDOWS\zzjxjxpt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [phbhujtv.exe] C:\WINDOWS\phbhujtv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fprcidaz.exe] C:\WINDOWS\fprcidaz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zzgcubqu.exe] C:\WINDOWS\zzgcubqu.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntpqreht.exe] C:\WINDOWS\ntpqreht.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bndhcrwx.exe] C:\WINDOWS\bndhcrwx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [phncjyxp.exe] C:\WINDOWS\phncjyxp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bndndlfo.exe] C:\WINDOWS\bndndlfo.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jwlpqwxq.exe] C:\WINDOWS\jwlpqwxq.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\LocalService\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: AppMgmt - Unknown owner - C:\WINDOWS\TEMP\VRT11.tmp (file missing)
O23 - Service: AudioSrv - Unknown owner - C:\WINDOWS\TEMP\VRT11.tmp (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\$AVG8.VAULT$\TightVNC\WinVNC.exe

--
End of file - 11601 bytes

[Blade81]

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.