Jump to content

sjmgmtnc

Members
 View Profile  See their activity

  • Posts

    3

  • Joined

  • Last visited

 Content Type 

Posts posted by sjmgmtnc

    calc.dll and other files don't delete after reboot

    in Resolved Malware Removal Logs

    Posted

    Here's the scan. No infected files !

    How do I prevent this? I thought that was what McAfee was for.

    Malwarebytes' Anti-Malware 1.41

    Database version: 3047

    Windows 5.1.2600 Service Pack 3

    10/29/2009 2:43:24 PM

    mbam-log-2009-10-29 (14-43-24).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 171235

    Time elapsed: 30 minute(s), 16 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    calc.dll and other files don't delete after reboot

    in Resolved Malware Removal Logs

    Posted

    Thanks for help. I ran combofix. Here is the log. Do I need to do anything else?

    ComboFix 09-10-28.08 - Samm 10/29/2009 11:17.1.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.532 [GMT -4:00]

    Running from: c:\documents and settings\Samm\Desktop\ComboFix.exe

    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\Samm\ntuser.dll

    c:\documents and settings\Samm\Start Menu\Programs\Startup\scandisk.dll

    c:\documents and settings\Samm\Start Menu\Programs\Startup\scandisk.lnk

    c:\program files\Shared

    c:\windows\kb913800.exe

    c:\windows\system32\calc.dll

    c:\windows\system32\hufemute.dll

    c:\windows\Tasks\optolaps.job

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NWCWORKSTATION

    -------\Service_NWCWorkstation

    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))

    .

    2009-10-28 19:53 . 2009-10-28 19:53 -------- d-----w- c:\program files\Trend Micro

    2009-10-28 17:26 . 2009-10-28 17:26 -------- d-----w- c:\documents and settings\Samm\Application Data\Malwarebytes

    2009-10-28 17:23 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-10-28 17:23 . 2009-10-28 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-10-28 17:23 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-10-28 17:23 . 2009-10-28 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-10-28 17:08 . 2009-10-28 17:08 -------- d-----w- c:\program files\CCleaner

    2009-10-22 05:57 . 2009-10-27 04:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2009-10-22 05:37 . 2009-10-22 05:57 -------- d-----w- c:\program files\Shockwave.com

    2009-10-22 05:24 . 2009-10-22 05:24 -------- d-----w- c:\windows\SWImport Xtra Cache

    2009-10-22 05:21 . 2009-10-22 05:24 -------- d-----w- c:\windows\system32\Adobe

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-10-29 15:28 . 2009-03-16 19:54 256 ----a-w- c:\windows\system32\pool.bin

    2009-10-29 15:07 . 2007-07-01 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

    2009-10-27 01:51 . 2008-09-06 01:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

    2009-10-22 18:55 . 2008-12-13 02:13 -------- d-----w- c:\program files\Common Files\Apple

    2009-10-16 15:01 . 2008-04-29 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

    2009-10-16 14:57 . 2007-01-05 15:31 -------- d-----w- c:\program files\Microsoft Works

    2009-10-16 00:31 . 2007-01-05 15:46 78648 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-10-09 04:13 . 2008-09-28 02:14 -------- d-----w- c:\program files\Webshots

    2009-09-16 14:22 . 2007-07-01 16:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

    2009-09-16 14:22 . 2007-07-01 16:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

    2009-09-16 14:22 . 2007-07-01 16:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

    2009-09-16 14:22 . 2007-07-01 16:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

    2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll

    2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll

    2009-08-29 07:36 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll

    2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll

    2009-08-29 07:36 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll

    2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll

    2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

    2009-08-06 23:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll

    2009-08-06 23:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll

    2009-08-06 23:24 . 2007-01-10 03:13 44768 ----a-w- c:\windows\system32\wups2.dll

    2009-08-06 23:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll

    2009-08-06 23:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe

    2009-08-06 23:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll

    2009-08-06 23:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll

    2009-08-06 23:23 . 2008-04-29 20:15 274288 ----a-w- c:\windows\system32\mucltui.dll

    2009-08-06 23:23 . 2008-04-29 20:15 215920 ----a-w- c:\windows\system32\muweb.dll

    2009-08-06 23:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll

    2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll

    2009-08-04 15:13 . 2005-08-16 10:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe

    2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2008-03-19 03:31 . 2007-01-18 04:09 88 --sh--r- c:\windows\system32\498C90A90F.sys

    2009-06-07 23:58 . 2007-01-18 04:09 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]

    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]

    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]

    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]

    "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]

    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-14 196608]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]

    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]

    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-10-28 1312080]

    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

    c:\documents and settings\Samm\Start Menu\Programs\Startup\

    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-9-27 157000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-5 24576]

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [8/25/2008 7:40 PM 101528]

    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [9/5/2007 10:20 PM 40832]

    S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [8/25/2008 7:39 PM 24876]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2

    *NewlyCreated* - MBR

    *Deregistered* - CLASSPNP_2

    *Deregistered* - mbr

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

    DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} - hxxp://photofiddle.com/ocx/VUploaderProj1.cab

    .

    - - - - ORPHANS REMOVED - - - -

    SharedTaskScheduler-{8373b81d-49ba-4d07-abb1-e28b88153b99} - c:\windows\system32\pefaregi.dll

    SSODL-labasufev-{8373b81d-49ba-4d07-abb1-e28b88153b99} - c:\windows\system32\pefaregi.dll

    Notify-WgaLogon - (no file)

    SafeBoot-mcmscsvc

    SafeBoot-MCODS

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-10-29 11:28

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3600)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\System32\bcmwltry.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\windows\eHome\ehRecvr.exe

    c:\windows\eHome\ehSched.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

    c:\windows\system32\PSIService.exe

    c:\windows\ehome\mcrdsvc.exe

    c:\windows\system32\dllhost.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\eHome\ehmsas.exe

    c:\windows\system32\igfxsrvc.exe

    c:\progra~1\MI3AA1~1\rapimgr.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\progra~1\Webshots\webshots.scr

    .

    **************************************************************************

    .

    Completion time: 2009-10-29 11:31 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-10-29 15:31

    Pre-Run: 39,417,995,264 bytes free

    Post-Run: 39,322,710,016 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - BCB4D15BC2004E834D0C332B06189BAD

    calc.dll and other files don't delete after reboot

    in Resolved Malware Removal Logs

    Posted

    Hello, it looks like I've been having a common problem with the redirect on links to greatfeedmill and others. I downloaded ccleaner and ran it. I then downloaded MB and tried to run it but I got the error where the mbam.exe was missing. I looked at this forum and copied a link to an explore.exe file and copied that to my MB directory and then changed the name back to mbam.exe and ran it. It appeared to run fine but several files did not delete on reboot. I ran this a couple of times with the same results. I am attaching my last MB log and my HijackThis log.

    I've looked at a lot of threads on this but wasn't sure which one would be the best for me so I am posting instead. Any help would be greatly appreciated.

    Thanks.

    Malwarebytes' Anti-Malware 1.41

    Database version: 3047

    Windows 5.1.2600 Service Pack 3

    10/28/2009 2:59:52 PM

    mbam-log-2009-10-28 (14-59-52).txt

    Scan type: Quick Scan

    Objects scanned: 113604

    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 1

    Registry Keys Infected: 0

    Registry Values Infected: 2

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 5

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\calc.dll (Trojan.Agent) -> Delete on reboot.

    C:\Documents and Settings\Samm\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Samm\ntuser.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Samm\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Samm\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:54:24 PM, on 10/28/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16915)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\Program Files\Dell Support\DSAgnt.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    C:\PROGRA~1\Webshots\webshots.scr

    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\McAfee\MPF\MPFSrv.exe

    C:\Program Files\McAfee\MSK\MskSrver.exe

    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

    C:\WINDOWS\system32\PSIService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070105

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

    O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

    O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

    O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Samm\ntuser.dll,_IWMPEvents@0

    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168398739856

    O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.com/ocx/VUploaderProj1.cab

    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

    O18 - Filter hijack: text/html - {14504248-44b4-4e64-8a2c-3a43ce301ef5} - (no file)

    O20 - AppInit_DLLs: fadateta.dll c:\windows\system32\pefaregi.dll

    O21 - SSODL: labasufev - {8373b81d-49ba-4d07-abb1-e28b88153b99} - c:\windows\system32\pefaregi.dll (file missing)

    O22 - SharedTaskScheduler: tokatiluy - {8373b81d-49ba-4d07-abb1-e28b88153b99} - c:\windows\system32\pefaregi.dll (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 11662 bytes

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.