
Malwarebytes won't install



I have some kind of infection that causes searches to be periodically hijacked, and pop-ups to appear. MBAM installs but with no MBAM.exe file. Tried running RootRepeal but it crashed after a while.

Hijack This log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:41:21 AM, on 10/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\mfevtps.exe

C:\WINNT\system32\rpcnet.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.exe

C:\WINNT\Explorer.EXE

C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.exe

C:\WINNT\system32\AESTFltr.exe

C:\WINNT\system32\hkcmd.exe

C:\WINNT\system32\igfxsrvc.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Dell Printers\paperport\pptd40nt.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE

C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Colligo Networks\Offline Sync 3.1\CfsStartup.exe

C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\BainApps\Bulletins\BainBulletins.exe

C:\WINNT\system32\wbem\wmiapsrv.exe

C:\WinNT\BainUtil\MapDrives.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE

C:\WINNT\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\02JOS\Desktop\spyware\RootRepeal.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sanfrancisco.mybain.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [_BackupExecDLO] Run.vbs /c:"C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe" /p:-u /d:30 /w:No

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [_MapDrives] Run.vbs /c:"C:\WinNT\BainUtil\MapDrives.exe" /d:180 /w:No

O4 - HKLM\..\Run: [_Communicator] Run.vbs /c:"C:\Program Files\Microsoft Office Communicator\Communicator.exe" /p:"/FromRunKey" /d:90 /w:No

O4 - HKLM\..\Run: [_Copernic] Run.vbs /c:"C:\Program Files\Copernic Desktop Search 2 - Corporate Edition\DesktopSearchService.exe" /p:"/Tray" /d:120 /w:No

O4 - HKLM\..\Run: [_BainBulletins] Run.vbs /c:"C:\Program Files\BainApps\Bulletins\BainBulletins.exe" /d:150 /w:No

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Dell Printers\paperport\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Dell Printers\paperport\IndexSearch.exe"

O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"

O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"

O4 - HKLM\..\Run: [DLQLU] "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S

O4 - HKLM\..\Run: [Communicator] Services.exe (This is a placeholder to keep Communicator from repairing itself)

O4 - HKLM\..\Run: [dafadikiy] Rundll32.exe "c:\winnt\system32\yibagizu.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\e507125b-d839-41ca-b163-ab540e6cf0dc.exe

O4 - Global Startup: Offline Sync 3.1.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Connect to Contributor - {FAB24596-1193-44D4-818D-C81A65DAB0B8} - C:\Program Files\Colligo Networks\Offline Sync 3.1\CGOIEExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=about:blank

O15 - Trusted Zone: *.alacra.com

O15 - Trusted Zone: http://*.alacra.com

O15 - Trusted Zone: *.bainsecure.com

O15 - Trusted Zone: http://*.bainsecure.com

O15 - Trusted Zone: *.bts.com

O15 - Trusted Zone: http://*.bts.com

O15 - Trusted Zone: *.ioma.com

O15 - Trusted Zone: http://*.ioma.com

O15 - Trusted Zone: *.rbb.com

O15 - Trusted Zone: http://*.rbb.com

O15 - Trusted Zone: *.reuters.com

O15 - Trusted Zone: http://*.reuters.com

O15 - Trusted Zone: *.sabrebts.com

O15 - Trusted Zone: http://*.sabrebts.com

O15 - Trusted Zone: *.thomsonib.com

O15 - Trusted Zone: http://*.thomsonib.com

O15 - Trusted Zone: *.webex.com

O15 - Trusted Zone: http://*.webex.com

O15 - Trusted Zone: *.alacra.com (HKLM)

O15 - Trusted Zone: http://*.alacra.com (HKLM)

O15 - Trusted Zone: *.bainsecure.com (HKLM)

O15 - Trusted Zone: http://*.bainsecure.com (HKLM)

O15 - Trusted Zone: *.bts.com (HKLM)

O15 - Trusted Zone: http://*.bts.com (HKLM)

O15 - Trusted Zone: *.ioma.com (HKLM)

O15 - Trusted Zone: http://*.ioma.com (HKLM)

O15 - Trusted Zone: *.rbb.com (HKLM)

O15 - Trusted Zone: http://*.rbb.com (HKLM)

O15 - Trusted Zone: *.reuters.com (HKLM)

O15 - Trusted Zone: http://*.reuters.com (HKLM)

O15 - Trusted Zone: *.sabrebts.com (HKLM)

O15 - Trusted Zone: http://*.sabrebts.com (HKLM)

O15 - Trusted Zone: *.thomsonib.com (HKLM)

O15 - Trusted Zone: http://*.thomsonib.com (HKLM)

O15 - Trusted Zone: *.webex.com (HKLM)

O15 - Trusted Zone: http://*.webex.com (HKLM)

O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://corpmbbos1.bain.com/dashboard/msddsc.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246376232019

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\Software\..\Telephony: DomainName = workstation.bain.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BAIN.COM

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: likufisu.dll c:\winnt\system32\yibagizu.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: DWGina - C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.dll

O21 - SSODL: zagimates - {c426120e-37a1-4170-9e04-5cfe6a939bf2} - c:\winnt\system32\yibagizu.dll

O22 - SharedTaskScheduler: tokatiluy - {c426120e-37a1-4170-9e04-5cfe6a939bf2} - c:\winnt\system32\yibagizu.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINNT\system32\rpcnet.exe

O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

O23 - Service: _Microsoft-IMEKRMIG6.1 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-IMJPMIG8.1 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-MSPY2002 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-PHIME2002A - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-PHIME2002ASync - Unknown owner - C:\WINNT\System32\SrvAny.exe

--

End of file - 17878 bytes

RootRepeal crash report

ROOTREPEAL CRASH REPORT

-------------------------

Windows Version: Windows XP SP3

Exception Code: 0xc0000005

Exception Address: 0x0041125c

Attempt to read from address: 0x00000014

Thanks in advance -- really appreciate your help


I thought I got rid of this with a combination of Super AntiSpyware and MBAM, but it is back.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:59:59 AM, on 10/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINNT\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINNT\system32\mfevtps.exe

C:\WINNT\system32\rpcnet.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\System32\SrvAny.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.exe

C:\WINNT\Explorer.EXE

C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.exe

C:\WINNT\system32\AESTFltr.exe

C:\WINNT\system32\hkcmd.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Printers\paperport\pptd40nt.exe

C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE

C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE

C:\WINNT\system32\Services.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\e507125b-d839-41ca-b163-ab540e6cf0dc.exe

C:\Program Files\Colligo Networks\Offline Sync 3.1\CfsStartup.exe

C:\WINNT\system32\igfxsrvc.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\BainApps\Bulletins\BainBulletins.exe

C:\Program Files\Juniper Networks\Network Connect 5.2.0\dsNetworkConnect.exe

C:\WINNT\system32\wbem\wmiapsrv.exe

C:\WinNT\BainUtil\MapDrives.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE

C:\PROGRA~1\MICROS~2\Office12\PPCNVCOM.EXE

C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sanfrancisco.mybain.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

O1 - Hosts: 38.114.141.87 sfr.vpnplus.bain.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [_BackupExecDLO] Run.vbs /c:"C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe" /p:-u /d:30 /w:No

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [_MapDrives] Run.vbs /c:"C:\WinNT\BainUtil\MapDrives.exe" /d:180 /w:No

O4 - HKLM\..\Run: [_Communicator] Run.vbs /c:"C:\Program Files\Microsoft Office Communicator\Communicator.exe" /p:"/FromRunKey" /d:90 /w:No

O4 - HKLM\..\Run: [_Copernic] Run.vbs /c:"C:\Program Files\Copernic Desktop Search 2 - Corporate Edition\DesktopSearchService.exe" /p:"/Tray" /d:120 /w:No

O4 - HKLM\..\Run: [_BainBulletins] Run.vbs /c:"C:\Program Files\BainApps\Bulletins\BainBulletins.exe" /d:150 /w:No

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Dell Printers\paperport\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Dell Printers\paperport\IndexSearch.exe"

O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"

O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"

O4 - HKLM\..\Run: [DLQLU] "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Communicator] Services.exe (This is a placeholder to keep Communicator from repairing itself)

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\e507125b-d839-41ca-b163-ab540e6cf0dc.exe

O4 - Global Startup: Offline Sync 3.1.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Bain & Company, Inc\Rights Management Add-on\RMAFilt.dll

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Connect to Contributor - {FAB24596-1193-44D4-818D-C81A65DAB0B8} - C:\Program Files\Colligo Networks\Offline Sync 3.1\CGOIEExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=about:blank

O15 - Trusted Zone: *.alacra.com

O15 - Trusted Zone: http://*.alacra.com

O15 - Trusted Zone: *.bainsecure.com

O15 - Trusted Zone: http://*.bainsecure.com

O15 - Trusted Zone: *.bts.com

O15 - Trusted Zone: http://*.bts.com

O15 - Trusted Zone: *.ioma.com

O15 - Trusted Zone: http://*.ioma.com

O15 - Trusted Zone: *.rbb.com

O15 - Trusted Zone: http://*.rbb.com

O15 - Trusted Zone: *.reuters.com

O15 - Trusted Zone: http://*.reuters.com

O15 - Trusted Zone: *.sabrebts.com

O15 - Trusted Zone: http://*.sabrebts.com

O15 - Trusted Zone: *.thomsonib.com

O15 - Trusted Zone: http://*.thomsonib.com

O15 - Trusted Zone: *.webex.com

O15 - Trusted Zone: http://*.webex.com

O15 - Trusted Zone: *.alacra.com (HKLM)

O15 - Trusted Zone: http://*.alacra.com (HKLM)

O15 - Trusted Zone: *.bainsecure.com (HKLM)

O15 - Trusted Zone: http://*.bainsecure.com (HKLM)

O15 - Trusted Zone: *.bts.com (HKLM)

O15 - Trusted Zone: http://*.bts.com (HKLM)

O15 - Trusted Zone: *.ioma.com (HKLM)

O15 - Trusted Zone: http://*.ioma.com (HKLM)

O15 - Trusted Zone: *.rbb.com (HKLM)

O15 - Trusted Zone: http://*.rbb.com (HKLM)

O15 - Trusted Zone: *.reuters.com (HKLM)

O15 - Trusted Zone: http://*.reuters.com (HKLM)

O15 - Trusted Zone: *.sabrebts.com (HKLM)

O15 - Trusted Zone: http://*.sabrebts.com (HKLM)

O15 - Trusted Zone: *.thomsonib.com (HKLM)

O15 - Trusted Zone: http://*.thomsonib.com (HKLM)

O15 - Trusted Zone: *.webex.com (HKLM)

O15 - Trusted Zone: http://*.webex.com (HKLM)

O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://corpmbbos1.bain.com/dashboard/msddsc.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1246376232019

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\Software\..\Telephony: DomainName = workstation.bain.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{79CCC8CE-CF15-4408-B033-C67C06B9DE19}: NameServer = 204.153.232.68 63.127.249.193

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BAIN.COM

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = bain.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bain.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: likufisu.dll c:\winnt\system32\totusoha.dll,pikedahu.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: DWGina - C:\Program Files\DeltaCrypt\DUSKWatch\DUSKWatch.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINNT\system32\rpcnet.exe

O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe

O23 - Service: _Microsoft-IMEKRMIG6.1 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-IMJPMIG8.1 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-MSPY2002 - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-PHIME2002A - Unknown owner - C:\WINNT\System32\SrvAny.exe

O23 - Service: _Microsoft-PHIME2002ASync - Unknown owner - C:\WINNT\System32\SrvAny.exe

--

End of file - 18198 bytes

Thanks!


  • Root Admin

Hello and Welcome to Malwarebytes. If you think you still might be infected then please run the following.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    • When the update is complete, select the Scanner tab
    • Select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

