SystemTools 2011


Lorgeo

Hi,

Hope you can help with this!!

PC was booted this a.m., emails checked (standard stuff). Suddenly got a popup saying "You are not protected click here". DID NOT CLICK. Tried to run Malwarebytes, but some other app started. Closed this and went back to Malwarebytes; message said it (MB) was infected. Shut down, started in safe mode, ran MB which found 1 trojan. Removed that. Started PC regularly and same scenario started. Can't run McAfee. Ran HijackThis (copied below). Copied log and emailed from laptop.

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:56:11 AM, on 1/10/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Safe mode

Running processes:

C:\Users\Sharon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57273

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [fJmOi08200] C:\ProgramData\fJmOi08200\fJmOi08200.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\sharon\appdata\local\temp\TEMPOR~1\Content.SH! c:\users\sharon\appdata\local\temp\TEMPOR~1.SH! c:\users\sharon\appdata\local\temp\History\History.SH! c:\users\sharon\appdata\local\temp\History.SH! c:\users\sharon\appdata\local\temp\Cookies.SH! (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\sharon\appdata\local\temp\TEMPOR~1\Content.SH! c:\users\sharon\appdata\local\temp\TEMPOR~1.SH! c:\users\sharon\appdata\local\temp\History\History.SH! c:\users\sharon\appdata\local\temp\History.SH! c:\users\sharon\appdata\local\temp\Cookies.SH! (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Displaysoft Online Updates - C--DSI-FIDLITE.lnk = C:\DSI\FIDLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE.lnk = C:\DSI\OLDREPLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE2.lnk = C:\DSI\OLDREPLITE2\inetupapp.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.caldirectsecuredocs.com

O15 - Trusted Zone: http://microsite.coupons.com

O15 - Trusted Zone: http://www.ditechsecuredocs.com

O15 - Trusted Zone: http://www.ditechsecuredocs.net

O15 - Trusted Zone: http://www.docmagic.com

O15 - Trusted Zone: http://ctest.elynx.net

O15 - Trusted Zone: http://forms.elynx.net

O15 - Trusted Zone: http://gmacforms.elynx.net

O15 - Trusted Zone: http://pro.elynx.net

O15 - Trusted Zone: http://secure.elynx.net

O15 - Trusted Zone: http://usign.elynx.net

O15 - Trusted Zone: http://webpost.elynx.net

O15 - Trusted Zone: http://www.gmacmsecuredocs.com

O15 - Trusted Zone: http://www.gmacmsecuredocs.net

O15 - Trusted Zone: http://www.gmamcsecuredocs.com

O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend.com

O15 - Trusted Zone: http://loandocs.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend2.com

O15 - Trusted Zone: http://loandocs.swiftsend2.com

O15 - Trusted Zone: http://www.swiftview.com

O15 - Trusted Zone: http://www.wamuloandocs.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: B-Service - Unknown owner - C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11584 bytes


Hello Again,

Here's the latest. Came home to the infected PC. Noticed MBAM needed updating and did so. Ran a full scan in safe mode. Found 7 trojans and removed.

(3) Trojan.fakealert

(1) Spyware.passwords.xgen

(1) Trojan.agent

(1) Rogue.systemtool

(1) Rogue.AntivirSolutionPro

Restarted and ran MBAM again (full scan). Ran HijackThis. The logs for both are below. So far so good. Please let me know if I've missed anything. Thanks again!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5500

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

1/10/2011 7:21:10 PM

mbam-log-2011-01-10 (19-21-10).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 318108

Time elapsed: 59 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:22:32 PM, on 1/10/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18999)

Boot mode: Normal

Running processes:

c:\PROGRA~2\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Microsoft Money\System\Money Express.exe

C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe

C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Windows\OEM05Mon.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\DSI\FIDLITE\inetupapp.exe

C:\DSI\OLDREPLITE\inetupapp.exe

C:\DSI\OLDREPLITE2\inetupapp.exe

C:\Program Files (x86)\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Program Files (x86)\Creative Live! Cam\VideoFX\StartFX.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Sharon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57273

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"

O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\sharon\appdata\local\temp\TEMPOR~1\Content.SH! c:\users\sharon\appdata\local\temp\TEMPOR~1.SH! c:\users\sharon\appdata\local\temp\History\History.SH! c:\users\sharon\appdata\local\temp\History.SH! c:\users\sharon\appdata\local\temp\Cookies.SH! (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~2\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\sharon\appdata\local\temp\TEMPOR~1\Content.SH! c:\users\sharon\appdata\local\temp\TEMPOR~1.SH! c:\users\sharon\appdata\local\temp\History\History.SH! c:\users\sharon\appdata\local\temp\History.SH! c:\users\sharon\appdata\local\temp\Cookies.SH! (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: Displaysoft Online Updates - C--DSI-FIDLITE.lnk = C:\DSI\FIDLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE.lnk = C:\DSI\OLDREPLITE\inetupapp.exe

O4 - Startup: Displaysoft Online Updates - c--DSI-OLDREPLITE2.lnk = C:\DSI\OLDREPLITE2\inetupapp.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.caldirectsecuredocs.com

O15 - Trusted Zone: http://microsite.coupons.com

O15 - Trusted Zone: http://www.ditechsecuredocs.com

O15 - Trusted Zone: http://www.ditechsecuredocs.net

O15 - Trusted Zone: http://www.docmagic.com

O15 - Trusted Zone: http://ctest.elynx.net

O15 - Trusted Zone: http://forms.elynx.net

O15 - Trusted Zone: http://gmacforms.elynx.net

O15 - Trusted Zone: http://pro.elynx.net

O15 - Trusted Zone: http://secure.elynx.net

O15 - Trusted Zone: http://usign.elynx.net

O15 - Trusted Zone: http://webpost.elynx.net

O15 - Trusted Zone: http://www.gmacmsecuredocs.com

O15 - Trusted Zone: http://www.gmacmsecuredocs.net

O15 - Trusted Zone: http://www.gmamcsecuredocs.com

O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend.com

O15 - Trusted Zone: http://loandocs.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend2.com

O15 - Trusted Zone: http://loandocs.swiftsend2.com

O15 - Trusted Zone: http://www.swiftview.com

O15 - Trusted Zone: http://www.wamuloandocs.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: B-Service - Unknown owner - C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7RD6PBX\B-Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11936 bytes
