Invisible

  1. As requested, here is the text of the drivers32 registry entry:

     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
     "midimapper"="midimap.dll"
     "msacm.imaadpcm"="imaadp32.acm"
     "msacm.msadpcm"="msadp32.acm"
     "msacm.msg711"="msg711.acm"
     "msacm.msgsm610"="msgsm32.acm"
     "msacm.trspch"="tssoft32.acm"
     "vidc.cvid"="iccvid.dll"
     "vidc.I420"="msh263.drv"
     "vidc.iv31"="ir32_32.dll"
     "vidc.iv32"="ir32_32.dll"
     "vidc.iv41"="ir41_32.ax"
     "vidc.iyuv"="iyuv_32.dll"
     "vidc.mrle"="msrle32.dll"
     "vidc.msvc"="msvidc32.dll"
     "vidc.uyvy"="msyuv.dll"
     "vidc.yuy2"="msyuv.dll"
     "vidc.yvu9"="tsbyuv.dll"
     "vidc.yvyu"="msyuv.dll"
     "wavemapper"="msacm32.drv"
     "msacm.msg723"="msg723.acm"
     "vidc.M263"="msh263.drv"
     "vidc.M261"="msh261.drv"
     "msacm.msaudio1"="msaud32.acm"
     "msacm.sl_anet"="sl_anet.acm"
     "msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
     "vidc.iv50"="ir50_32.dll"
     "msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
     "wave"="wdmaud.drv"
     "midi"="wdmaud.drv"
     "mixer"="wdmaud.drv"
     "SENTINEL"="snti386.dll"
     "wave1"="wdmaud.drv"
     "midi1"="wdmaud.drv"
     "mixer1"="wdmaud.drv"
     "aux"="wdmaud.drv"
     "wave2"="wdmaud.drv"
     "midi2"="wdmaud.drv"
     "mixer2"="wdmaud.drv"
     "aux1"="wdmaud.drv"
     "wave3"="wdmaud.drv"
     "midi3"="wdmaud.drv"
     "mixer3"="wdmaud.drv"
     "aux2"="wdmaud.drv"
     "wave4"="wdmaud.drv"
     "midi4"="wdmaud.drv"
     "mixer4"="wdmaud.drv"
     "aux3"="wdmaud.drv"
     "wave5"="ScWave2K.dll"
     "mixer5"="ScWave2K.dll"
     "wave6"="wdmaud.drv"
     "midi5"="wdmaud.drv"
     "mixer6"="wdmaud.drv"
     "aux4"="wdmaud.drv"
     "wave7"="wdmaud.drv"
     "midi6"="wdmaud.drv"
     "mixer7"="wdmaud.drv"
     "aux5"="wdmaud.drv"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
     "wave"="rdpsnd.dll"
     "mixer"="rdpsnd.dll"
     "MaxBandwidth"=dword:000056b9
     "wavemapper"="msacm32.drv"
     "EnableMP3Codec"=dword:00000001
     "midimapper"="midimap.dll"
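One way to review a Drivers32 export like the one above, as an added example that is not code from the post or from any tool named on this page: it parses the .reg text and lists the entries that break the pattern the other entries follow (a value that differs from its wave/midi/mixer/aux siblings, or a lone name with no codec prefix), run over a constructed excerpt of that export. It assumes Python 3.8 or later; the output is a list of entries for an analyst to check against the files on disk, not a verdict on any of them.

```python
import re
from collections import Counter
# Constructed excerpt of the Drivers32 export quoted in the post above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"SENTINEL"="snti386.dll"
"wave1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"wave5"="ScWave2K.dll"
"mixer5"="ScWave2K.dll"
"mixer6"="wdmaud.drv"
'''
DRIVERS32 = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'
MAPPERS = {'midimapper', 'wavemapper'}  # standard lone entries, not a family
KEY_LINE = re.compile(r'^\[(.+)\]$')
STR_LINE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')  # "name"="value" only

def parse_reg(text):
    """{key_path: {name: value}} for the string values of a .reg export
    (dword values are skipped; the doubled backslashes of .reg are undone)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := STR_LINE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).replace('\\\\', '\\')
    return keys

def review_drivers32(entries):
    """Group names into families by trailing index (wave, wave1, wave5 -> 'wave');
    flag values that differ from the family's most common value, and lone names
    with no dotted codec prefix that are not a mapper. Review items, not verdicts."""
    families = {}
    for name, value in entries.items():
        families.setdefault(re.sub(r'\d+$', '', name).lower(), []).append((name, value))
    flagged = []
    for fam, members in families.items():
        if len(members) == 1:
            if '.' not in fam and fam not in MAPPERS:
                flagged.append((members[0][0], members[0][1], 'unfamiliar name'))
            continue
        common = Counter(v for _, v in members).most_common(1)[0][0]
        flagged += [(n, v, f'differs from family default {common}') for n, v in members if v != common]
    return sorted(flagged)
```

Running `review_drivers32(parse_reg(SAMPLE_REG)[DRIVERS32])` on the excerpt returns SENTINEL, mixer5 and wave5, which is exactly the set an analyst would want to look at first in the full export.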
  2. I'm bumping this to avoid getting lost. I apologize if anyone thought the boldface was me yelling at them. I just did that to set my comments off from the logs. -Wesley
  3. MBAM finds no infections during a full scan, and nothing in the HJT log jumps out at me. Yet my computer is blocked from navigating to websites for security vendors, and the MBAM update fails (I copied the most current definitions to the MBAM 'Application data' folder before I ran this scan). Any ideas? Thanks, Wesley

     First, the MBAM log from a complete scan:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1930
     Windows 5.1.2600 Service Pack 2

     4/1/2009 2:53:00 PM
     mbam-log-2009-04-01 (14-53-00).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 129130
     Time elapsed: 20 minute(s), 21 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     HJT log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:53:56 PM, on 4/1/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
     C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\WINDOWS\system32\ScHide32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
     C:\Program Files\Hamachi\hamachi.exe
     C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
     C:\Program Files\Specter Instruments\WIN-911 V7\TeleDAC.exe
     C:\PROGRA~1\ROCKWE~1\RSVIEW~1\DISPLA~2.EXE
     C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     C:\Program Files\Common Files\Rockwell\EventServer.exe
     C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
     C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
     C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
     C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
     C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
     C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Common Files\Rockwell\NmspHost.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Common Files\Rockwell\RdcyHost.exe
     C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
     C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
     C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
     C:\Program Files\Common Files\Rockwell\RsvcHost.exe
     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\Program Files\UltraVNC\WinVNC.exe
     C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
     C:\Program Files\KEPServerEnterprise\ServerMain.exe
     C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
     C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
     C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
     C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
     C:\Program Files\UltraVNC\WinVNC.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Specter Instruments\WIN-911 V7\Tools\WIN911 Bridge Service.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\HMITagsSCM.EXE
     C:\Program Files\Rockwell Software\RSView Enterprise\HMITagsDDM.EXE
     C:\Program Files\Rockwell Software\RSView Enterprise\AlmSrv.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\HMITagsBTM.EXE
     C:\WINDOWS\system32\rtdsk40.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\SHDE.EXE
     C:\Program Files\Rockwell Software\RSView Enterprise\AlarmQB.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\SAUserServ.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliSrv.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\CommandErrorLogSrv.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdCli.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdRp.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\AlmMpx.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\RSAOAServer.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\FTHRdCli.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\AlmCliSrvWrap.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\SEGfxVBACli.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\DisplayClientManager.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\DisplayCCmdFrnt.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliTagHMIService.exe
     C:\Program Files\Rockwell Software\RSView Enterprise\GfxCommandHMIService.exe
     C:\WINDOWS\system32\cmd.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080115
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080115
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0080115
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
     O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
     O4 - HKLM\..\Run: [usbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     O4 - HKLM\..\Run: [scHide32] ScHide32.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
     O4 - Global Startup: Shortcut to TeleDAC.lnk = C:\Program Files\Specter Instruments\WIN-911 V7\TeleDAC.exe
     O4 - Global Startup: Unalaska SCADA.lnk = C:\Documents and Settings\All Users\Documents\RSView Enterprise\SE\Client\Unalaska_SCADA.cli
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233109052828
     O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE7687F-AF16-427B-8843-91318AAEF558}: NameServer = 10.10.10.1
     O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
     O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
     O23 - Service: WIN-911 Service Wrapper (911SRV) - Specter Instruments - C:\Program Files\Specter Instruments\WIN-911 V7\911SRV.exe
     O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
     O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
     O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
     O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
     O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
     O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
     O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
     O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
     O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: KEPServerEnterprise Service (KEPServerEnterpriseService) - Kepware - C:\Program Files\KEPServerEnterprise\ServerMain.exe
     O23 - Service: LogReceiver - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
     O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
     O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
     O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
     O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
     O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
     O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
     O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
     O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
     O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
     O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
     O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
     O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
     O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
     O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
     O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
     O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
     O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

     --
     End of file - 13869 bytes
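As an added example that is not code from the post or from HijackThis, here is a small parser for the O4 Run and O23 Service lines of a log like the one above. It pulls out the items an analyst reviews first in such a log: Run entries whose image is given without a directory (Windows then locates the file through the search path, so the log alone does not say which file actually runs) and services whose owner is unknown or whose file is missing. It runs over a constructed sample of lines taken from the log above and assumes Python 3.8 or later; its output is a review list, not a verdict on any entry.

```python
import re

# Constructed sample of O4 and O23 lines drawn from the HijackThis log above.
SAMPLE_HJT = r'''Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [scHide32] ScHide32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: LogReceiver - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
'''
O4_LINE = re.compile(r'^O4 - (\S+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
O23_LINE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')

def image_of(command):
    """First token of a Run command ("quoted path" or bare word). For rundll32
    the loaded DLL (argument text before the first comma) is what matters."""
    if command.startswith('"'):
        image, _, rest = command[1:].partition('"')
    else:
        image, _, rest = command.partition(' ')
    if image.lower() in ('rundll32.exe', 'rundll32'):
        image = rest.strip().split(',')[0].strip('"')
    return image

def review_hjt(text):
    """(section, name, reason) for O4 entries whose image has no directory (it is
    then found via the search path, which hides where it really lives) and for
    O23 services with an unknown owner or a missing file. Review items, not verdicts."""
    findings = []
    for line in text.splitlines():
        if m := O4_LINE.match(line):
            hive, name, command = m.groups()
            image = image_of(command)
            if '\\' not in image:
                findings.append(('O4', name, f'{hive} Run image has no directory: {image}'))
        elif m := O23_LINE.match(line):
            name, owner, path = m.groups()
            reasons = [r for r, hit in (('unknown owner', owner.lower() == 'unknown owner'),
                                        ('file missing', path.endswith('(file missing)'))) if hit]
            if reasons:
                findings.append(('O23', name, '; '.join(reasons)))
    return findings
```

On the sample, `review_hjt(SAMPLE_HJT)` lists nwiz, sigmatelSysTrayApp and scHide32 from the Run keys and LogReceiver and stllssvr from the services; the rundll32 entry is not listed because its DLL argument carries a full path.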