braider
Here is my Malware log file after I clicked remove selected.

Malwarebytes' Anti-Malware 1.41
Database version: 3056
Windows 5.1.2600 Service Pack 3

10/30/2009 11:29:16 AM
mbam-log-2009-10-30 (11-29-16).txt

Scan type: Quick Scan
Objects scanned: 256005
Time elapsed: 20 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\guwevabip (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fivipute.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.
*******************************************************************************
Here is the 1st OTL file
*******************************************************************************

OTL logfile created on: 10/30/2009 11:31:01 AM - Run 1
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\loni\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 5500 6500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.03 Gb Total Space | 259.23 Gb Free Space | 86.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 55.75 Gb Total Space | 25.40 Gb Free Space | 45.56% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: DISPATCH05
Current User Name: loni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\loni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe ()
PRC - C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe ()
PRC - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe ()
PRC - C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe ( )
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\RealVNC\VNC4\vncclipboard.exe (RealVNC Ltd.)
PRC - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe (Symantec Corporation)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Cwbrxd [On_Demand | Stopped]) -- C:\WINDOWS\CWBRXD.EXE (IBM Corporation)
SRV - (DLOChangeJournalSvc [Auto | Running]) -- C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MegaMonitorSrv [Auto | Running]) -- C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe ()
SRV - (MSMFramework [Auto | Running]) -- C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe ()
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ntrtscan [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (TMBMServer [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe ()
SRV - (tmlisten [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
SRV - (TmPfw [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (VPREMOTE [On_Demand | Stopped]) -- C:\TEMP\Clt-Inst\vpremote.exe (Symantec Corporation)
SRV - (WinVNC4 [Auto | Running]) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (Bic [Auto | Running]) -- C:\WINDOWS\system32\drivers\bic.sys (Microsoft Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [boot | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [system | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (Roxio)
DRV - (DRVMCDB [boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (iaStor [boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SenFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Senfilt.sys (Sensaura)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMMPI [boot | Running]) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (TmFilter [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys (Trend Micro Inc.)
DRV - (tmtdi [system | Running]) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (vncmirror [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vncmirror.sys (RealVNC Ltd.)
DRV - (VSApiNt [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys (Trend Micro Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\loni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\System32\fivipute.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/20 13:01:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\MB1\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Popup] C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe ( )
O4 - HKLM..\Run: [seloyefep] C:\WINDOWS\System32\fivipute.DLL ()
O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Backup Exec Desktop Agent.lnk = C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1212012338520 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.101.5 192.168.102.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = united-cs.dom
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (ruvisape.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\fivipute.dll) - C:\WINDOWS\System32\fivipute.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ppeclt: DllName - PPEClt.dll - C:\WINDOWS\System32\PPEClt.dll (ANIXIS)
O21 - SSODL: guwevabip - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - C:\WINDOWS\System32\fivipute.dll ()
O22 - SharedTaskScheduler: {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - kupuhivus - C:\WINDOWS\System32\fivipute.dll ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/loni/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 18:09:26 | 00,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/06 18:09:26 | 00,000,004 | ---- | M] () - C:\autoexec.kfx -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 09:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/27 09:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/27 09:31:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\loni\Application Data\Malwarebytes
[2009/10/27 09:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 09:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\MB1
[2009/10/30 11:05:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\loni\Desktop\OTL.exe
[2009/10/30 09:53:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\loni\Desktop\HJTInstall.exe
[2009/10/27 16:40:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/27 09:52:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/27 09:52:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/27 09:23:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/16 03:06:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU
[2009/10/16 03:04:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2009/10/06 07:28:24 | 00,059,920 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/10/06 07:28:24 | 00,050,704 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

========== Files - Modified Within 30 Days ==========

[2009/10/30 11:05:26 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\loni\Desktop\OTL.exe
[2009/10/30 09:54:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\loni\Desktop\HijackThis.lnk
[2009/10/30 09:53:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\loni\Desktop\HJTInstall.exe
[2009/10/30 09:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/30 08:56:48 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\Check DLO Updates.job
[2009/10/30 08:53:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/29 18:37:07 | 00,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\display1.ws
[2009/10/29 18:36:59 | 00,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\display2.ws
[2009/10/29 17:00:07 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ogfvzdha.job
[2009/10/29 16:00:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 16:00:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 15:32:13 | 34,871,91040 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 15:31:01 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\dabafela
[2009/10/29 12:49:41 | 00,016,037 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2009/10/27 16:42:52 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/27 16:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/27 16:42:52 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/10/26 09:08:06 | 00,010,260 | ---- | M] () -- C:\WINDOWS\cfgrs_ex.ini
[2009/10/26 09:08:05 | 00,011,179 | ---- | M] () -- C:\WINDOWS\cfgrs.ini
[2009/10/25 07:56:37 | 00,005,970 | ---- | M] () -- C:\WINDOWS\rvi.ini
[2009/10/16 03:20:30 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/16 03:16:04 | 00,524,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/16 03:16:03 | 00,617,222 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/16 03:16:03 | 00,100,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/16 03:12:06 | 00,001,829 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========

[2009/10/30 09:54:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\loni\Desktop\HijackThis.lnk
[2009/10/28 02:59:10 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ogfvzdha.job
[2009/10/27 09:27:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/09 18:31:11 | 00,010,260 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
[2009/09/09 18:31:10 | 00,011,179 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
[2009/07/29 14:59:57 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\fivipute.dll
[2009/07/28 02:59:09 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\hedafatu.dll
[2009/03/02 16:26:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\loni\Application Data\desktop.ini
[2009/03/02 16:26:32 | 00,068,848 | ---- | C] () -- C:\Documents and Settings\loni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/02 16:26:31 | 02,708,676 | -H-- | C] () -- C:\Documents and Settings\loni\Local Settings\Application Data\IconCache.db
[2009/02/20 14:39:03 | 00,002,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/02/04 23:57:54 | 00,016,037 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/06/06 18:11:21 | 00,001,750 | ---- | C] () -- C:\WINDOWS\KPMSW.INI
[2008/06/06 18:11:21 | 00,001,583 | ---- | C] () -- C:\WINDOWS\KPMADR.INI
[2008/06/06 18:11:21 | 00,001,558 | ---- | C] () -- C:\WINDOWS\KPM.INI
[2008/06/06 18:11:10 | 00,107,520 | ---- | C] () -- C:\WINDOWS\System32\BicLdr32.DLL
[2008/06/06 18:11:05 | 00,001,720 | ---- | C] () -- C:\WINDOWS\KOFAX200.INI
[2008/06/06 18:11:04 | 00,083,456 | ---- | C] () -- C:\WINDOWS\System32\KCL310.DLL
[2008/06/06 18:11:04 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\KDB310.DLL
[2008/06/06 17:44:04 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2008/06/04 09:16:03 | 00,000,131 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/02 10:49:43 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/06/02 10:49:43 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/06/02 10:49:43 |
00,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll [2008/06/02 10:49:43 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll [2008/06/02 10:49:43 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll [2008/06/02 10:49:43 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll [2008/06/02 10:49:43 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll [2008/06/02 10:49:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll [2008/06/02 10:15:45 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\Img32vi.dll [2008/06/02 10:15:45 | 00,070,144 | ---- | C] () -- C:\WINDOWS\System32\Img32awd.dll [2008/05/19 12:33:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/05/19 12:14:49 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/05/19 11:40:19 | 00,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007/07/05 18:13:10 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\AlertStrings.dll [2007/06/25 13:46:22 | 00,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2007/06/25 13:46:20 | 00,880,640 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll [2007/01/03 11:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/01/03 11:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/01/03 11:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/11 17:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2004/08/11 17:00:37 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini [2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2002/01/02 13:13:42 | 00,005,970 | ---- | C] () -- C:\WINDOWS\rvi.ini [2000/06/06 16:03:14 | 00,003,026 | ---- | C] () -- C:\WINDOWS\SigPlus.ini [2000/04/12 20:28:12 | 00,118,784 | ---- | C] 
() -- C:\WINDOWS\System32\LFKODAK.DLL [2000/04/12 20:24:10 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL ========== LOP Check ========== [2009/10/27 09:52:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2008/06/02 11:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDE [2008/05/19 12:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2009/10/28 13:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2009/10/27 09:31:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\loni\Application Data [2009/03/10 15:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\loni\Application Data\CyberLink [2009/03/02 16:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\loni\Application Data\Windows Desktop Search [2009/10/30 09:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/30 08:56:48 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\Check DLO Updates.job [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/29 17:00:07 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ogfvzdha.job [2009/10/29 16:00:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report > ************************************************ Here is the 2nd OTL FIle ************************************************ OTL Extras logfile created on: 10/30/2009 11:31:01 AM - Run 1 OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\loni\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical 
Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 5500 6500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.03 Gb Total Space | 259.23 Gb Free Space | 86.98% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 55.75 Gb Total Space | 25.40 Gb Free Space | 45.56% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: DISPATCH05 Current User Name: loni Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program 
Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "20032:TCP" = 20032:TCP:*:Enabled:Trend Micro OfficeScan Listener [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) 
"C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe" = C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe:*:Disabled:popup -- ( ) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation) "C:\Milsoft\DisSPatch\DisSPatch.exe" = C:\Milsoft\DisSPatch\DisSPatch.exe:*:Enabled:DisSPatch -- (Milsoft Utility Solutions, Inc.) "C:\Program Files\Analog Devices\Core\smax4pnp.exe" = C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:smax4pnp -- (Analog Devices, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe" = C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe:*:Disabled:popup -- ( ) "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) 
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{0F40C786-32DD-4BD9-8E86-B57D015F6657}" = Password Policy Client 5.1 "{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13 "{26EBB7C9-688F-4C00-A7C6-03C1C08B98E9}" = ShowCase Suite 8.0 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{418C56ED-7884-4217-AC65-224489CB7BC8}" = Real Vision Software Imaging System "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9081C1BD-7244-4C60-A945-745449B9858A}" = Unified Messaging for Microsoft Exchange "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation "{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC 
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}" = Symantec Backup Exec Desktop Agent "{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime "Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Standard "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Calls Manager Start Icons_is1" = Calls Manager Start Icons "ClientAccessExpress" = IBM iSeries Access for Windows "Davacord DigiVoice Client Software" = Davacord DigiVoice Client Software 4.1.0.0 "DisSPatch OMS Clients_is1" = DisSPatch OMS "Formatta Filler 7.0" = Formatta Filler 7.0 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager v2.16-00 "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "OfficeScanNT" = Trend Micro OfficeScan Client "Partner" = Partner (remove icons only) "PROHYBRIDR" = 2007 Microsoft Office system "RealVNC_is1" = VNC Enterprise Edition E4.5 "SearchAssist" = SearchAssist "ST6UNST #1" = Emergency Outage "ST6UNST #2" = Billing History Viewer "ST6UNST #3" = Emergency Outage (C:\Program Files\Outage\) "VNCMirror_is1" = VNC Mirror Driver 1.8.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10/29/2009 3:57:54 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = SDisplay: clipboard: OpenClipboard(getText): The operation completed successfully. 
(0) Error - 10/29/2009 4:23:59 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400 Error - 10/29/2009 4:23:59 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400 Error - 10/29/2009 4:25:26 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400 Error - 10/29/2009 4:25:26 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400 Error - 10/29/2009 4:30:40 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = ClipboardConnection: vncclipboard authentication failed Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = TcpListenerManager: not listening on IPv6: unable to create listening socket: An address incompatible with the requested protocol was used. (10047) Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = TcpListenerManager: not listening on IPv6: unable to create listening socket: An address incompatible with the requested protocol was used. (10047) Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1 Description = TcpListenerManager: not listening on IPv6: unable to create listening socket: An address incompatible with the requested protocol was used. (10047) Error - 10/29/2009 5:00:55 PM | Computer Name = DISPATCH05 | Source = UserInit | ID = 1000 Description = Could not execute the following script \\united-cs.dom\NETLOGON\DST2007Update.cmd. The system cannot find the file specified. . 
[ System Events ] Error - 10/26/2009 3:30:31 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 10/26/2009 5:46:57 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 10/26/2009 6:08:10 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 10/27/2009 10:24:02 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect. Error - 10/27/2009 10:24:02 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000 Description = The Lavasoft Ad-Aware Service service failed to start due to the following error: %%1053 Error - 10/27/2009 10:28:33 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service service to connect. Error - 10/27/2009 10:28:33 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000 Description = The OfficeScan NT Proxy Service service failed to start due to the following error: %%1053 Error - 10/27/2009 10:29:05 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service service to connect. 
Error - 10/27/2009 10:29:05 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000 Description = The OfficeScan NT Proxy Service service failed to start due to the following error: %%1053 < End of report >
  2. I can't get rid of the Vundo trojan. Malwarebytes detects and removes the trojan, but then it returns when I reboot. Here is the malware log and the HijackThis log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:15 AM, on 10/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\MB1\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [seloyefep] Rundll32.exe "c:\windows\system32\fivipute.dll",a
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Symantec Backup Exec Desktop Agent.lnk = C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1212012338520
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = united-cs.dom
O17 - HKLM\Software\..\Telephony: DomainName = united-cs.dom
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E76BE33-490B-4D98-8247-5B7BF702D471}: NameServer = 192.168.101.5
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = united-cs.dom
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = united-cs.dom
O20 - AppInit_DLLs: ruvisape.dll c:\windows\system32\fivipute.dll
O21 - SSODL: guwevabip - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - c:\windows\system32\fivipute.dll
O22 - SharedTaskScheduler: kupuhivus - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - c:\windows\system32\fivipute.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Symantec Corporation - C:\TEMP\Clt-Inst\vpremote.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. 
- C:\Program Files\RealVNC\VNC4\WinVNC4.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/loni/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg -- End of file - 11676 bytes Malwarebytes' Anti-Malware 1.41 Database version: 3056 Windows 5.1.2600 Service Pack 3 10/30/2009 10:43:19 AM mbam-log-2009-10-30 (10-43-12).txt Scan type: Quick Scan Objects scanned: 256026 Time elapsed: 21 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 1 Registry Values Infected: 3 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\guwevabip (Trojan.Vundo.H) -> No action taken. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fivipute.dll -> No action taken. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\helohiro.dll (Trojan.Vundo) -> No action taken.