
Weird error message since running anti-malware


shrough


This is related to the topic http://www.malwarebytes.org/forums/index.php?showtopic=25716

A quick scan doesn't find anything new, but here is the log from the initial quick scan (after which the problem appeared). I am running a full scan currently and will post if anything new is found:

Malwarebytes' Anti-Malware 1.41

Database version: 2854

Windows 5.1.2600 Service Pack 2

9/23/2009 8:47:23 PM

mbam-log-2009-09-23 (20-47-22).txt

Scan type: Quick Scan

Objects scanned: 127183

Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 45

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gasfkyeitbdyev.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\gasfkyuyyxmllp.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\gasfkyygmbhumc.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\gasfkycqoiemuwom.tmp (Rootkit.TDSS) -> Delete on reboot.

C:\WINDOWS\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\msvcm80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\msvcp80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\msvcr80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\windows Police Pro.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\dbsinit.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\wispex.html (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\i1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\i2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\i3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\j1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\j2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\j3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\jj1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\jj2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\jj3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\l1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\l2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\l3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\pix.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\t1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\t2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\up1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\up2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\w1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\w11.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\w2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\w3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\w3.jpg (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\wt1.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\wt2.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\Program Files\Windows Police Pro\tmp\images\wt3.gif (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\sg0199305\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

Finally, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:55 PM, on 9/23/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\SQLLIB\bin\db2jds.exe

C:\Program Files\SQLLIB\bin\db2licd.exe

C:\Program Files\SQLLIB\bin\db2sec.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\CfgSrvc.exe

C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe

c:\WINDOWS\system32\IFXSPMGT.exe

c:\WINDOWS\system32\IFXTCS.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\NAVCOLR.EXE

c:\WINDOWS\system32\IfxPsdSv.exe

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

C:\Program Files\The Sabre Group\Print32\OADP.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Tngsd\BIN\SDSERV.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\UMCSTUB.EXE

C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe

C:\Tngsd\BIN\TRIGGAG.EXE

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\SxpInst\sxplog32.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Dash\4990891\Program\Dash.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\Microsoft Time Zone\TimeZone.exe

C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\NETGEAR\WG111T\wlan111t.exe

C:\WINDOWS\sabserv.exe

C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe

C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://current.sabre.com/default.aspx

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Sabre Inc.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://inet-pac.sabre.com:81/sabre-proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll

O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Documents and Settings\sg0199305\My Documents\VB Stuff\Hotel Geocoder 3\msdxm.ocx

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [iFXSPMGT] c:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon

O4 - HKLM\..\Run: [sxplog] C:\SxpInst\sxpstub.exe

O4 - HKLM\..\Run: [sDJobCheck] triggusr.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [sabre_as] sabre_as.exe

O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [Dash] "C:\Program Files\Dash\4990891\Program\Dash.exe" -startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"

O4 - HKCU\..\Run: [Timezone] "C:\Program Files\Microsoft Time Zone\TimeZone.exe"

O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sg0199305\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1835720910-16632805-3627044903-1010\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'db2admin')

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - S-1-5-21-1835720910-16632805-3627044903-1010 Startup: call_cert_inst.cmd (User 'db2admin')

O4 - S-1-5-21-1835720910-16632805-3627044903-1010 User Startup: call_cert_inst.cmd (User 'db2admin')

O4 - .DEFAULT User Startup: call_cert_inst.cmd (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe

O4 - Global Startup: Dash.lnk = C:\Program Files\Dash\4990891\Program\Dash.exe

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?

O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe

O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208533676477

O16 - DPF: {6CA6AAD5-385E-40A0-AD5F-544D875A2662} (Pslocalr Class) - https://password.sabre.com/instance1/docs/pslocalr.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208533670413

O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://websource.sabre.com/nortel_cacheable/iewiper.cab

O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://hrcomptool.sabre.com/org/codebase60/OrgPubX.cab

O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} (AxLoaderPassword Class) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookworma...ader_v10_en.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com

O17 - HKLM\Software\..\Telephony: DomainName = Global.ad.sabre.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = global.ad.sabre.com,ad.sabre.com,dev.sabre.com,sabre.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = global.ad.sabre.com,ad.sabre.com,dev.sabre.com,sabre.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Global.ad.sabre.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = global.ad.sabre.com,ad.sabre.com,dev.sabre.com,sabre.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = global.ad.sabre.com,ad.sabre.com,dev.sabre.com,sabre.com

O18 - Protocol: bwfile-4990891 - {15B49F40-F5B1-4CEF-90AB-FB030B60A150} - C:\Program Files\Dash\4990891\Program\GAPlugProtocol-4990891.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Asset Management Agent (AmoAgent) - Computer Associates International, Inc. - C:\WINDOWS\UMCSTUB.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Dash (BackWeb Plug-in - 4990891) - IgniteTech - C:\Program Files\Dash\4990891\Program\ServiceWrapper-4990891.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\Program Files\The Sabre Group\Sabre32\Cfgsrvc.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe

O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe

O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe

O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2govds.exe

O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe

O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2licd.exe

O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate1c95bdd529fce3) (gupdate1c95bdd529fce3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe

O23 - Service: Hummingbird Exceed Display Management (HumDisplayServer) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\9.00\Exceed\HumDisplayServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe

O23 - Service: IgniteService - Ignite Technologies - C:\Program Files\IgniteCDS\IgniteService.exe

O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe

O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NAV Collector (NAVCollector) - EDS Inc - C:\WINDOWS\system32\NAVCOLR.EXE

O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sabre Print Service (SabrePrint) - Sabre Inc. - C:\Program Files\The Sabre Group\Print32\OADP.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Tngsd\BIN\SDSERV.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--

End of file - 20334 bytes

Thank you in advance.

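Two things in the quick-scan log above are worth pulling out mechanically rather than by eye: the items marked "Delete on reboot" (the Rootkit.TDSS DLLs, which were in use and so still loaded until the machine restarts), and the Broken.OpenCommand entry, where the exefile association had been rewritten to route every .exe launch through C:\WINDOWS\system32\desot.exe. The short script below is an added example, not code from the original post or from Malwarebytes: it parses the MBAM 1.x log line format shown in the post, summarises detections by family, lists what is still pending a reboot, and extracts the hijacker path from the "Bad:" open command. SAMPLE_LOG is a constructed excerpt copied from the post's log; the function and class names are this example's own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x scan log (added example, not MBAM code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Generic entry:   <target> (<family>) -> <action>.
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Registry data item: <key> (<family>) -> Bad: (<bad>) Good: (<good>) -> <action>.
DATA_ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)

# Stock exefile\shell\open\command value (the value MBAM reports as "Good").
DEFAULT_EXE_OPEN_COMMAND = '"%1" %*'

# Constructed excerpt of the log in the post (not a full log).
SAMPLE_LOG = r"""
Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyeitbdyev.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gasfkycqoiemuwom.tmp (Rootkit.TDSS) -> Delete on reboot.
(No malicious items detected)
"""


@dataclass
class Detection:
    target: str
    family: str
    action: str
    bad: Optional[str] = None   # only set for Registry Data Items
    good: Optional[str] = None

    @property
    def pending_reboot(self) -> bool:
        # MBAM could not remove the item while it was in use: it is still on
        # disk (and, for a rootkit DLL, still loaded) until the machine reboots.
        return self.action.lower().startswith("delete on reboot")


def parse_mbam_log(text: str) -> List[Detection]:
    """Return one Detection per result line; headers and counters are skipped."""
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DATA_ITEM_RE.match(line) or ENTRY_RE.match(line)
        if not m:
            continue  # section headers, "Files Infected: 45", "(No malicious items detected)"
        g = m.groupdict()
        found.append(Detection(g["target"], g["family"], g["action"], g.get("bad"), g.get("good")))
    return found


def hijacker_from_open_command(command: str) -> Optional[str]:
    """Program a hijacked exefile open command routes every .exe through.

    Returns None when the command is the stock '"%1" %*'. The hijacked form
    seen in the post is  <hijacker.exe> "%1" %*  (the hijacker may be quoted).
    """
    cmd = command.strip()
    if cmd == DEFAULT_EXE_OPEN_COMMAND:
        return None
    m = re.match(r'^"?(?P<exe>[^"]+?\.exe)"?\s+"%1"\s+%\*$', cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd  # unknown shape: hand back the whole value


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: detections per family, reboot-pending items, exe hijacker."""
    dets = parse_mbam_log(text)
    report: Dict[str, object] = {
        "families": Counter(d.family for d in dets),
        "pending_reboot": [d.target for d in dets if d.pending_reboot],
        "exe_hijacker": None,
    }
    for d in dets:
        if d.family == "Broken.OpenCommand" and d.bad is not None:
            report["exe_hijacker"] = hijacker_from_open_command(d.bad)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two practical notes on what the script surfaces. First, while any item is still "Delete on reboot", the scan result is provisional: the TDSS components are loaded and can re-create what was removed, so a rescan only means something after the restart the log is asking for. Second, the open-command hijack is the usual reason a machine throws odd errors right after a rogue like this is cleaned: if the hijacker (here desot.exe) is deleted but the association is still pointing at it anywhere, every .exe launch goes through a file that no longer exists and Windows reports it cannot find it. MBAM restored the HKEY_CLASSES_ROOT value, but HKEY_CURRENT_USER\Software\Classes overrides HKEY_LOCAL_MACHINE\Software\Classes when HKCR is built, so it is worth checking that per-user exefile\shell\open\command (if present) also reads "%1" %* before concluding the association is clean; that per-user check is a suggestion of this example, not something the log confirms either way.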

Full scan found one additional item. Problem is still occurring though.

Malwarebytes' Anti-Malware 1.41

Database version: 2854

Windows 5.1.2600 Service Pack 2

9/23/2009 11:18:57 PM

mbam-log-2009-09-23 (23-18-57).txt

Scan type: Full Scan (C:\|)

Objects scanned: 291469

Time elapsed: 1 hour(s), 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\SQLLIB\bin\db2ccar.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
