
Trying to run Malware Getting Runtime 0 and 440


SCR

Following the instructions to determine why I'm getting these errors. A strange login problem showed up 2 days ago where I do not get my personal settings for background and icons loaded but get a semi generic login. Thanks for helping me out. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:23:31 AM, on 10/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\nslsvice.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Smc.exe

C:\Program Files\Symantec AntiVirus\SNAC.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINNT\System32\WLTRYSVC.EXE

C:\WINNT\System32\bcmwltry.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\Rockwell\EventServer.exe

C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\PIPC\BIN\pilogsrv.exe

C:\Program Files\PIPC\BIN\pinetmgr.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe

C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE

C:\Program Files\Common Files\Rockwell\RsvcHost.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\PIPC\BIN\pimsgss.exe

C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe

C:\Program Files\Common Files\Rockwell\RnaDirServer.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Symantec AntiVirus\SmcGui.exe

C:\WINNT\system32\hkcmd.exe

C:\WINNT\system32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINNT\stsystra.exe

C:\WINNT\system32\WLTRAY.exe

C:\WINNT\system32\igfxsrvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Cyberlink\Shared Files\brs.exe

C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINNT\system32\ctfmon.exe

C:\WINNT\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINNT\system32\mmc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by International Paper (R1K-GP)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINNT\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [usbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .NPSSView: C:\PROGRA~1\SEAGAT~1\Viewers\ACTIVE~1\npssview.dll

O15 - Trusted Zone: http://*.airgas.com

O15 - Trusted Zone: http://pw.bek.com

O15 - Trusted Zone: http://*.bna.com

O15 - Trusted Zone: http://xe.bravosolution.com

O15 - Trusted Zone: http://www.buzone.com

O15 - Trusted Zone: http://*.cch.com

O15 - Trusted Zone: http://*.cexp.com

O15 - Trusted Zone: http://*.cicnet

O15 - Trusted Zone: http://*.cissltd.com

O15 - Trusted Zone: http://*.claritynet.com

O15 - Trusted Zone: http://www.compensationstandards.com

O15 - Trusted Zone: http://*.concursolutions.com

O15 - Trusted Zone: http://www.covisint.com

O15 - Trusted Zone: http://*.cynops.com

O15 - Trusted Zone: http://*.easternconnection.com

O15 - Trusted Zone: http://*.elcompanies.com

O15 - Trusted Zone: http://*.emptoris.com

O15 - Trusted Zone: http://*.facdn.com

O15 - Trusted Zone: http://*.fastenal.com

O15 - Trusted Zone: http://*.fieont13

O15 - Trusted Zone: http://*.fiservhealthservices.com

O15 - Trusted Zone: http://*.fishersci.com

O15 - Trusted Zone: http://*.grainger.com

O15 - Trusted Zone: http://*.hp.com

O15 - Trusted Zone: http://*.hubspan.net

O15 - Trusted Zone: http://*.integreon.com/

O15 - Trusted Zone: http://*.internationalpaper.com

O15 - Trusted Zone: http://*.IPBSIMS

O15 - Trusted Zone: http://*.ipcbpr.com

O15 - Trusted Zone: http://*.ipportal

O15 - Trusted Zone: http://*.ITRS

O15 - Trusted Zone: http://www.marketingiq.com

O15 - Trusted Zone: http://*.mscdirect.com

O15 - Trusted Zone: http://*.msdsonline.com

O15 - Trusted Zone: http://*.mycitrix

O15 - Trusted Zone: http://*.mycitrixtest

O15 - Trusted Zone: http://*.Oracle11i

O15 - Trusted Zone: http://*.peopleclick.com

O15 - Trusted Zone: http://*.pg.com

O15 - Trusted Zone: http://*.pgsupplier.com

O15 - Trusted Zone: http://*.s02acedev

O15 - Trusted Zone: http://*.s02aceprod01

O15 - Trusted Zone: http://*.s02aceprod02

O15 - Trusted Zone: http://*.s02aceprod03

O15 - Trusted Zone: http://*.s02aceprod04

O15 - Trusted Zone: http://*.s02aceprod05

O15 - Trusted Zone: http://*.s02aceprod06

O15 - Trusted Zone: http://*.s02aceprod07

O15 - Trusted Zone: http://*.s02aceprod08

O15 - Trusted Zone: http://*.s02acesbx

O15 - Trusted Zone: http://*.s02ahelpivsprd

O15 - Trusted Zone: http://*.s02avmxpdxrfp

O15 - Trusted Zone: http://*.s519ap04

O15 - Trusted Zone: http://*.s769ap03

O15 - Trusted Zone: http://*.s769ap08

O15 - Trusted Zone: http://*.saddlecrk.com

O15 - Trusted Zone: http://*.sartestream02

O15 - Trusted Zone: http://*.serverdb

O15 - Trusted Zone: http://*.shorepak.com

O15 - Trusted Zone: http://*.smartforce.com

O15 - Trusted Zone: http://*.smurfit.com

O15 - Trusted Zone: http://*.softscape.com

O15 - Trusted Zone: http://partners.staples.com

O15 - Trusted Zone: http://*.stapleslink.com

O15 - Trusted Zone: http://www.staplespartners.com

O15 - Trusted Zone: http://*.stf.com

O15 - Trusted Zone: http://*.sts.com

O15 - Trusted Zone: http://*.studley.com

O15 - Trusted Zone: http://*.svweb

O15 - Trusted Zone: http://*.swebustest2

O15 - Trusted Zone: http://*.swwid1

O15 - Trusted Zone: http://*.bna.tax.com

O15 - Trusted Zone: http://*.tpconline.com

O15 - Trusted Zone: http://*.tymetrix360.com

O15 - Trusted Zone: http://*.virtualearth.net

O15 - Trusted Zone: http://*.windowsupdate.com

O15 - Trusted Zone: http://stream.wishoo.com

O15 - Trusted Zone: http://www.witstracking.net

O15 - Trusted Zone: http://*.x519qalabserv1

O15 - Trusted Zone: http://*.x769qalabserv1

O15 - Trusted Zone: http://*.xatanet.net

O15 - Trusted Zone: http://*.xpedx.com

O15 - Trusted Zone: http://*.airgas.com (HKLM)

O15 - Trusted Zone: http://pw.bek.com (HKLM)

O15 - Trusted Zone: http://*.bna.com (HKLM)

O15 - Trusted Zone: http://xe.bravosolution.com (HKLM)

O15 - Trusted Zone: http://www.buzone.com (HKLM)

O15 - Trusted Zone: http://*.cch.com (HKLM)

O15 - Trusted Zone: http://*.cexp.com (HKLM)

O15 - Trusted Zone: http://*.cicnet (HKLM)

O15 - Trusted Zone: http://*.cissltd.com (HKLM)

O15 - Trusted Zone: http://*.claritynet.com (HKLM)

O15 - Trusted Zone: http://www.compensationstandards.com (HKLM)

O15 - Trusted Zone: http://*.concursolutions.com (HKLM)

O15 - Trusted Zone: http://www.covisint.com (HKLM)

O15 - Trusted Zone: http://*.cynops.com (HKLM)

O15 - Trusted Zone: http://*.easternconnection.com (HKLM)

O15 - Trusted Zone: http://*.elcompanies.com (HKLM)

O15 - Trusted Zone: http://*.emptoris.com (HKLM)

O15 - Trusted Zone: http://*.facdn.com (HKLM)

O15 - Trusted Zone: http://*.fastenal.com (HKLM)

O15 - Trusted Zone: http://*.fieont13 (HKLM)

O15 - Trusted Zone: http://*.fiservhealthservices.com (HKLM)

O15 - Trusted Zone: http://*.fishersci.com (HKLM)

O15 - Trusted Zone: http://*.grainger.com (HKLM)

O15 - Trusted Zone: http://*.hp.com (HKLM)

O15 - Trusted Zone: http://*.hubspan.net (HKLM)

O15 - Trusted Zone: http://*.integreon.com/ (HKLM)

O15 - Trusted Zone: http://*.internationalpaper.com (HKLM)

O15 - Trusted Zone: http://*.IPBSIMS (HKLM)

O15 - Trusted Zone: http://*.ipcbpr.com (HKLM)

O15 - Trusted Zone: http://*.ipportal (HKLM)

O15 - Trusted Zone: http://*.ITRS (HKLM)

O15 - Trusted Zone: http://www.marketingiq.com (HKLM)

O15 - Trusted Zone: http://*.mscdirect.com (HKLM)

O15 - Trusted Zone: http://*.msdsonline.com (HKLM)

O15 - Trusted Zone: http://*.mycitrix (HKLM)

O15 - Trusted Zone: http://*.mycitrixtest (HKLM)

O15 - Trusted Zone: http://*.Oracle11i (HKLM)

O15 - Trusted Zone: http://*.peopleclick.com (HKLM)

O15 - Trusted Zone: http://*.pg.com (HKLM)

O15 - Trusted Zone: http://*.pgsupplier.com (HKLM)

O15 - Trusted Zone: http://*.s02acedev (HKLM)

O15 - Trusted Zone: http://*.s02aceprod01 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod02 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod03 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod04 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod05 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod06 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod07 (HKLM)

O15 - Trusted Zone: http://*.s02aceprod08 (HKLM)

O15 - Trusted Zone: http://*.s02acesbx (HKLM)

O15 - Trusted Zone: http://*.s02ahelpivsprd (HKLM)

O15 - Trusted Zone: http://*.s02avmxpdxrfp (HKLM)

O15 - Trusted Zone: http://*.s519ap04 (HKLM)

O15 - Trusted Zone: http://*.s769ap03 (HKLM)

O15 - Trusted Zone: http://*.s769ap08 (HKLM)

O15 - Trusted Zone: http://*.saddlecrk.com (HKLM)

O15 - Trusted Zone: http://*.sartestream02 (HKLM)

O15 - Trusted Zone: http://*.serverdb (HKLM)

O15 - Trusted Zone: http://*.shorepak.com (HKLM)

O15 - Trusted Zone: http://*.smartforce.com (HKLM)

O15 - Trusted Zone: http://*.smurfit.com (HKLM)

O15 - Trusted Zone: http://*.softscape.com (HKLM)

O15 - Trusted Zone: http://partners.staples.com (HKLM)

O15 - Trusted Zone: http://*.stapleslink.com (HKLM)

O15 - Trusted Zone: http://www.staplespartners.com (HKLM)

O15 - Trusted Zone: http://*.stf.com (HKLM)

O15 - Trusted Zone: http://*.sts.com (HKLM)

O15 - Trusted Zone: http://*.studley.com (HKLM)

O15 - Trusted Zone: http://*.svweb (HKLM)

O15 - Trusted Zone: http://*.swebustest2 (HKLM)

O15 - Trusted Zone: http://*.swwid1 (HKLM)

O15 - Trusted Zone: http://*.bna.tax.com (HKLM)

O15 - Trusted Zone: http://*.tpconline.com (HKLM)

O15 - Trusted Zone: http://*.tymetrix360.com (HKLM)

O15 - Trusted Zone: http://*.virtualearth.net (HKLM)

O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)

O15 - Trusted Zone: http://stream.wishoo.com (HKLM)

O15 - Trusted Zone: http://www.witstracking.net (HKLM)

O15 - Trusted Zone: http://*.x519qalabserv1 (HKLM)

O15 - Trusted Zone: http://*.x769qalabserv1 (HKLM)

O15 - Trusted Zone: http://*.xatanet.net (HKLM)

O15 - Trusted Zone: http://*.xpedx.com (HKLM)

O15 - ESC Trusted Zone: http://*.cissltd.com (HKLM)

O16 - DPF: {9A4527F8-164E-11D6-9919-0050045692D7} (WebMultiViewerCtrl.WebMultiViewer) - http://s31dappsafety/skillsnow/CAB/WebViewer.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.ipaper.com

O17 - HKLM\Software\..\Telephony: DomainName = na.ipaper.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.ipaper.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.ipaper.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.ipaper.com

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: PI-Buffer Server (bufserv) - OSI Software Inc. - C:\Program Files\PIPC\BIN\bufserv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe

O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe

O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINNT\system32\nslsvice.exe

O23 - Service: M86 Security Authenticator (M86_Auth) - M86 Security - C:\Program Files\M86 Security\Authenticator\Authenticat_s.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\OpcEnum.exe

O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\Program Files\PIPC\BIN\pilogsrv.exe

O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pimsgss.exe

O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pinetmgr.exe

O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe

O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe

O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe

O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe

O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe

O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE

O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

--

End of file - 20019 bytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4363

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

7/28/2010 9:17:33 AM

mbam-log-2010-07-28 (09-17-33).txt

Scan type: Full scan (C:\|)

Objects scanned: 372733

Time elapsed: 1 hour(s), 9 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\1 (Malware.Trace) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Software\MICROSOFT_.NET_FRAMEWORK_2.0\svchost.exe (Trojan.Dropper) -> No action taken.

C:\Software\Symantec_NortonAntivirus_9.0.3MR3_MP1\svchost.exe (Trojan.Dropper) -> No action taken.


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
