Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Another computer, another malware (hijack log included)

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 1:01 pm

So then also .reg file association is messed up :roll:

Let's find out if there are more

Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.

Post the contents of that logfile with your next post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 1:43 pm

Hi Shaba,
I'm having problems now with posting in safe mode (my keyboard is freezing up and at times I cannot get into safe mode and have to reboot again). I'm on another computer right now.
I can't post the log file, but here are the contents of the daft file.

DAFT Log saved on 2008-08-13 14:09:50

.bat - batfile - shell\open\command - unable to read value
.cmd - cmdfile.................same as above.....................
.com - comfile.................same as above....................
.pif - piffile......................same as above...................
.reg - regfile.....................same as above...................
.scr - scrfile......................same as above..................

thanks again

snauss
snauss
Regular Member
 
Posts: 31
Joined: July 30th, 2008, 12:44 pm

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 1:49 pm

Thanks, that is enough :)

  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .bat
    .cmd
    .com
    .pif
    .reg
    .scr

  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.
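
Added example, not part of the original post and not DAFT's own code: a check of the same `shell\open\command` defaults against the stock Windows XP values, run over registry export text so it works from a second computer. It also covers a changed command, which the log above does not show; the sample export and the `wrapper.exe` path are constructed.

```python
import re

# Stock Windows XP "open" commands for the ProgIDs listed in the DAFT log above.
EXPECTED = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "regfile": 'regedit.exe "%1"',
    "scrfile": '"%1" /S',
}
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\(.+)\]$", re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def parse_defaults(reg_text):
    """Map each lowercased HKCR subkey to its default (@) value."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
        elif key and (m := DEFAULT_RE.match(line)):
            # .reg syntax escapes backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", m.group(1))
    return defaults


def check_associations(reg_text):
    """Return {extension: (status, value)} for the six extensions DAFT reported."""
    defaults = parse_defaults(reg_text)
    report = {}
    for progid, expected in EXPECTED.items():
        ext = "." + progid[:-4]                    # batfile -> .bat
        mapped = defaults.get(ext)
        command = defaults.get(progid + r"\shell\open\command")
        if mapped is None or command is None:
            report[ext] = ("missing", None)        # DAFT: "unable to read value"
        elif mapped.lower() != progid:
            report[ext] = ("remapped", mapped)     # extension points at another ProgID
        elif command.lower() != expected.lower():
            report[ext] = ("changed", command)     # open command is not the stock one
        else:
            report[ext] = ("ok", command)
    return report


# Constructed export for illustration; not taken from the machine in the thread.
SAMPLE = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.bat]
@="batfile"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"C:\\placeholder\\wrapper.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.cmd]
@="cmdfile"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.reg]
@="regfile"
[HKEY_CLASSES_ROOT\.scr]
@="scrfile"
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
'''

if __name__ == "__main__":
    for ext, (status, value) in sorted(check_associations(SAMPLE).items()):
        print(f"{ext:5} {status:8} {value or ''}")
```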

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 1:55 pm

Hello again...

I did as you said and it did not save a log.
But I rescanned and it says all associations are ok.

snauss

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 1:59 pm

Great :)

Now try to re-run sdfix.

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 2:09 pm

Wow....every time I start SDFix, it freezes before I can type in Y.
Any ideas?

snauss

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 2:22 pm

Do you have a wireless keyboard?

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 2:23 pm

No, it is a usb...same with the mouse.

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 2:25 pm

Sorry, that should read PS/2, not USB.

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 2:31 pm

OK, then we just use another tool.

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 2:38 pm

Hi Shaba

I tried to run SDFix again before I got your last post and it is running as we speak. I'll let you know the results.

Thanks again!

snauss

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 2:53 pm

Great, I'll be waiting for logs :)

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 3:07 pm

Well, SDFix has stalled by the looks of things. It ran until 50%, then scrolled down saying it could not find the specified path...then just stopped with nothing on the screen. The cursor is still there and it moves, but doesn't appear to be doing anything else. Should it take longer than 30 minutes?

Thanks

snauss

Re: Another computer, another malware (hijack log included)

by Shaba » August 13th, 2008, 3:13 pm

You can let it run for another 30 mins.

If no go, please proceed with combofix :)

Re: Another computer, another malware (hijack log included)

by snauss » August 13th, 2008, 3:57 pm

Hi Shaba....logs as requested.
ComboFix 08-08-12.01 - Mike & Sharon 2008-08-13 16:40:14.7 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.809 [GMT -3:00]
Running from: C:\Documents and Settings\Mike & Sharon\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mike & Sharon\Desktop\WinXP_EN_HOM_BF.EXE
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Mike & Sharon\Application Data\macromedia\Flash Player\#SharedObjects\C6RWT3BH\interclick.com
C:\Documents and Settings\Mike & Sharon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\system32\blphc1b8j0erf1.scr
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\cmprop.dll
C:\WINDOWS\system32\cmsetac.dll
C:\WINDOWS\system32\lphc1b8j0erf1.exe
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\phc1b8j0erf1.bmp
C:\WINDOWS\system32\pphc1b8j0erf1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-13 15:37 . 2008-08-13 15:37 577,024 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
2008-08-13 15:33 . 2008-08-13 15:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-13 11:47 . 2008-08-13 16:29 <DIR> d-------- C:\SDFix
2008-08-13 09:48 . 2008-08-13 09:48 <DIR> d-------- C:\Program Files\Avira
2008-08-13 09:48 . 2008-08-13 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-12 12:46 . 2008-08-12 12:46 <DIR> d-------- C:\Program Files\ednppsf
2008-08-12 12:46 . 2008-08-12 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dgdutafs
2008-08-12 12:45 . 2008-08-12 12:45 45,056 --a------ C:\WINDOWS\services.exe
2008-08-10 16:29 . 2008-08-10 16:29 <DIR> d-------- C:\Program Files\Flux
2008-08-02 21:06 . 2008-08-02 21:18 716 --a------ C:\scope

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 18:19 25,472 ----a-w C:\WINDOWS\system32\drivers\Chl83.sys
2008-08-07 00:09 --------- d-----w C:\Program Files\Plextor
2008-06-25 18:18 --------- d-----w C:\Program Files\EPSON Print CD
2008-06-17 15:40 --------- d-----w C:\Program Files\iZotope
2008-04-20 00:25 101,192 ----a-w C:\Documents and Settings\Mike & Sharon\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrDb"="C:\WINDOWS\system32\rgnybank.exe" [2008-08-12 12:46 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-02 12:40 155648]
"M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-27 00:43 56320]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
"EW Message Server"="msg32.exe" [2003-02-26 20:03 45056 C:\WINDOWS\SYSTEM32\Msg32.exe]
"DeltTray"="DeltTray.exe" [2004-08-27 00:43 56320 C:\WINDOWS\SYSTEM32\DeltTray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-10-06 14:16 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"GenActMsg"= {2EF26493-ECFD-4DD1-ABDF-03A50288E9C3} - C:\Program Files\ednppsf\GenActMsg.dll [2008-08-12 12:46 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= NUVision.ax
"vidc.dvsd"= dvc.dll
"msacm.dvacm"= dvacm.acm
"VIDC.YMPG"= ympgcdc.dll
"msacm.ympgacm"= ympgacm.acm
"Midi1"= gmidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike & Sharon^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Mike & Sharon\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-10-12 18:13 7086080 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-02 12:40 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"svchost"=2 (0x2)
"runbatch"=2 (0x2)
"ntsysvers"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 BTMgr;Bluelet Device Manager Service;C:\WINDOWS\system32\Drivers\BTMgr.sys [2002-06-12 14:43]
R2 JamLabInstallerService;JamLab Installer;C:\Program Files\M-Audio\JamLab\JamLabInst.exe [2006-01-09 17:39]
R3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys [2003-02-26 20:04]
R3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys [2003-02-26 20:13]
R3 GBGSIF;FX-MAX virtual GSIF driver;C:\WINDOWS\system32\Drivers\GBGSIF.sys [2005-03-07 00:21]
R3 hypaudio;hypaudio;C:\WINDOWS\system32\DRIVERS\hypaudio.sys [2006-05-30 16:20]
R3 hypkern;hypkern;C:\WINDOWS\system32\drivers\hypkern.sys [2006-05-30 16:20]
R3 MAWGSIF;MOTU PCI GSIF Driver;C:\WINDOWS\system32\drivers\MAWGSIF.sys [2004-07-21 16:05]
R3 MotuAW;MotuAW;C:\WINDOWS\system32\drivers\MotuAW.sys [2004-07-21 16:03]
R3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys [2003-02-26 20:06]
R3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2002-11-25 03:46]
S3 82827bba-7380-4b11-bfe5-ff053dc5ed6c;82827bba-7380-4b11-bfe5-ff053dc5ed6c;D:\CDS300\cds300.dll []
S3 Btusb;Bluetooth USB;C:\WINDOWS\system32\Drivers\Btusb.sys [2001-12-10 15:16]
S3 FILEMON;FILEMON;C:\Documents and Settings\Mike & Sharon\Desktop\sammon\FILEMON.SYS []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 gsif324;GSIF Driver for MOTU 324;C:\WINDOWS\system32\drivers\gsif324.sys []
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;C:\MAGIX\Samplitude_V8_professional\mxasio.sys [2002-04-16 12:10]
S3 MAUSBJL;Service for M-Audio JamLab Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausbjl.sys [2006-02-01 10:25]
S3 MAWWAVE;MOTU PCI Wave Driver;C:\WINDOWS\system32\drivers\MAWWAVE.sys []
S3 NUVision;NUVision Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-09-20 07:58]
S3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys []
S3 w324drvr;w324drvr;C:\WINDOWS\system32\drivers\w324drvr.sys []
S4 ntsysvers;FireDaemon Service: ntsysvers;c:\windows\system32\dllcache\FireDaemon.EXE []
S4 runbatch;FireDaemon Service: runbatch;c:\windows\system32\dllcache\FireDaemon.EXE []

*Newly Created Service* - AVGNTFLT
*Newly Created Service* - FILESPY
*Newly Created Service* - NSTATION
*Newly Created Service* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 sxmg4.dll,InitModule
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dellnet.com/

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 16:45:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-13 16:53:17 - machine was rebooted [Mike & Sharon]
ComboFix-quarantined-files.txt 2008-08-13 19:53:12

Pre-Run: 7,144,902,656 bytes free
Post-Run: 7,505,133,568 bytes free

WinXP_EN_HOM_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

192
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:16 PM, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\M-Audio\JamLab\JamLabInst.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msg32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rgnybank.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EW Message Server] msg32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [StrDb] C:\WINDOWS\system32\rgnybank.exe
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: GenActMsg - {2EF26493-ECFD-4DD1-ABDF-03A50288E9C3} - C:\Program Files\ednppsf\GenActMsg.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JamLab Installer (JamLabInstallerService) - M-Audio - C:\Program Files\M-Audio\JamLab\JamLabInst.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4787 bytes
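
Added example, not part of the original post and not ComboFix's own logic: a triage pass over the ComboFix report format that lists "Reg Loading Points" entries whose file date falls inside the report's "Files Created from ... to ..." window. The sample lines are copied from the log above; a hit is a prompt for closer review, not a verdict, since file dates can predate an install (as with `avgnt`) or be altered.

```python
import re
from datetime import date

WINDOW_RE = re.compile(r"Files Created from (\d{4}-\d{2}-\d{2}) to (\d{4}-\d{2}-\d{2})")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# "name"=data [YYYY-MM-DD hh:mm size] or [... size resolved-path]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<data>.*?)\s*'
    r"\[(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+[^\]]*\]$"
)


def recent_loading_points(log_text):
    """Return autostart entries whose file date lies in the report's scan window."""
    m = WINDOW_RE.search(log_text)
    if m is None:
        raise ValueError("no 'Files Created from ... to ...' banner in log")
    start, end = (date.fromisoformat(d) for d in m.groups())
    hits, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)          # registry key the following values belong to
            continue
        e = ENTRY_RE.match(line)      # values without a file timestamp are skipped
        if e and key and start <= date.fromisoformat(e["day"]) <= end:
            hits.append({
                "key": key,
                "name": e["name"],
                "data": e["data"].strip('"'),
                "file_date": e["day"],
            })
    return hits


# Excerpt of the ComboFix report posted above (banner shortened).
SAMPLE = r"""
((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrDb"="C:\WINDOWS\system32\rgnybank.exe" [2008-08-12 12:46 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 14:16 5058560]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"GenActMsg"= {2EF26493-ECFD-4DD1-ABDF-03A50288E9C3} - C:\Program Files\ednppsf\GenActMsg.dll [2008-08-12 12:46 126976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for h in recent_loading_points(SAMPLE):
        print(h["file_date"], h["name"], "->", h["data"])
```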