
Can't get rid of Vundo trojan



I can't get rid of the Vundo trojan. Malwarebytes detects and removes the trojan but then it returns when I reboot. Here is the Malwarebytes log and the HijackThis log. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:54:15 AM, on 10/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe

C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"

O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

O4 - HKLM\..\Run: [Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\MB1\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [seloyefep] Rundll32.exe "c:\windows\system32\fivipute.dll",a

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Symantec Backup Exec Desktop Agent.lnk = C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1212012338520

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = united-cs.dom

O17 - HKLM\Software\..\Telephony: DomainName = united-cs.dom

O17 - HKLM\System\CCS\Services\Tcpip\..\{8E76BE33-490B-4D98-8247-5B7BF702D471}: NameServer = 192.168.101.5

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = united-cs.dom

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = united-cs.dom

O20 - AppInit_DLLs: ruvisape.dll c:\windows\system32\fivipute.dll

O21 - SSODL: guwevabip - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - c:\windows\system32\fivipute.dll

O22 - SharedTaskScheduler: kupuhivus - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - c:\windows\system32\fivipute.dll

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe

O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe

O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Symantec Corporation - C:\TEMP\Clt-Inst\vpremote.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/loni/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--

End of file - 11676 bytes

Malwarebytes' Anti-Malware 1.41

Database version: 3056

Windows 5.1.2600 Service Pack 3

10/30/2009 10:43:19 AM

mbam-log-2009-10-30 (10-43-12).txt

Scan type: Quick Scan

Objects scanned: 256026

Time elapsed: 21 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\guwevabip (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fivipute.dll -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\helohiro.dll (Trojan.Vundo) -> No action taken.


Hi braider, welcome to Malwarebytes.

The reason Vundo keeps coming back is because you are not having MBAM remove it.

Please run a scan with Malwarebytes again; this time choose Remove Selected to remove the threats, then post the log as well as:

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

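The difference between the two Malwarebytes logs in this thread (every detection ends in "No action taken" in the first, "Delete on reboot" or "Quarantined and deleted successfully" after Remove Selected) can be checked mechanically before trusting a scan as a cleanup. The Python below is an added example, not part of the original posts and not Malwarebytes code; the state names, function names and the two embedded excerpts (trimmed from the logs posted in this thread) are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A section header is "<Something> Infected:" with nothing after the colon.
# Summary lines such as "Files Infected: 2" carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")

# Detection line: <object> (<threat>) -> [Data: <value> -> ]<action>.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?\s*$"
)

# Mapping from the action text seen in this thread's logs to a state
# (state names are this example's own, not Malwarebytes terminology).
ACTION_STATE = {
    "no action taken": "unremediated",
    "delete on reboot": "pending_reboot",
    "quarantined and deleted successfully": "removed",
}


@dataclass(frozen=True)
class Detection:
    section: str
    obj: str
    threat: str
    data: Optional[str]
    action: str
    state: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line with the action the tool reported for it."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes are often double-spaced
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            action = hit.group("action").strip()
            state = ACTION_STATE.get(action.lower(), "unknown")
            detections.append(Detection(section, hit.group("object"),
                                        hit.group("threat"), hit.group("data"),
                                        action, state))
    return detections


def verdict(detections: List[Detection]) -> str:
    """Summarise a log: was anything actually removed, or only detected?"""
    if not detections:
        return "clean"
    states = {d.state for d in detections}
    if states & {"unremediated", "unknown"}:
        return "not_remediated"
    if "pending_reboot" in states:
        return "reboot_required"
    return "remediated"


def outstanding(detections: List[Detection]) -> List[str]:
    """Objects still present on the system (case-folded, de-duplicated)."""
    return sorted({d.obj.lower() for d in detections if d.state != "removed"})


# Excerpt of the first log in this thread (scan run, nothing removed).
SCAN_ONLY_LOG = r"""
Memory Modules Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> No action taken.

Files Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\helohiro.dll (Trojan.Vundo) -> No action taken.
"""

# Excerpt of the second log in this thread (after Remove Selected).
AFTER_REMOVE_LOG = r"""
Memory Modules Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

if __name__ == "__main__":
    for name, log in (("first scan", SCAN_ONLY_LOG), ("after removal", AFTER_REMOVE_LOG)):
        found = parse_mbam_log(log)
        print(name, verdict(found), outstanding(found))
```

A "reboot_required" verdict means the loaded DLL is still on disk and mapped in memory until the restart completes, so a follow-up scan after the reboot is what confirms the removal.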

Here is my Malware log file after I clicked remove selected.

Malwarebytes' Anti-Malware 1.41

Database version: 3056

Windows 5.1.2600 Service Pack 3

10/30/2009 11:29:16 AM

mbam-log-2009-10-30 (11-29-16).txt

Scan type: Quick Scan

Objects scanned: 256005

Time elapsed: 20 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seloyefep (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5058a7f6-86f8-45ee-9785-3d5f4866eb39} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\guwevabip (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fivipute.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fivipute.dll -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\fivipute.dll (Trojan.Vundo.H) -> Delete on reboot.

*******************************************************************************

Here is the 1st OTL file

*******************************************************************************

OTL logfile created on: 10/30/2009 11:31:01 AM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\loni\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 5500 6500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.03 Gb Total Space | 259.23 Gb Free Space | 86.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 55.75 Gb Total Space | 25.40 Gb Free Space | 45.56% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: DISPATCH05

Current User Name: loni

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\loni\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe ()

PRC - C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe ()

PRC - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe ()

PRC - C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe ( )

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files\RealVNC\VNC4\vncclipboard.exe (RealVNC Ltd.)

PRC - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

PRC - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe (Symantec Corporation)

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Cwbrxd [On_Demand | Stopped]) -- C:\WINDOWS\CWBRXD.EXE (IBM Corporation)

SRV - (DLOChangeJournalSvc [Auto | Running]) -- C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe (Symantec Corporation)

SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)

SRV - (MegaMonitorSrv [Auto | Running]) -- C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe ()

SRV - (MSMFramework [Auto | Running]) -- C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe ()

SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (ntrtscan [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (TMBMServer [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe ()

SRV - (tmlisten [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)

SRV - (TmPfw [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe (Trend Micro Inc.)

SRV - (TmProxy [On_Demand | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)

SRV - (VPREMOTE [On_Demand | Stopped]) -- C:\TEMP\Clt-Inst\vpremote.exe (Symantec Corporation)

SRV - (WinVNC4 [Auto | Running]) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)

DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)

DRV - (Bic [Auto | Running]) -- C:\WINDOWS\system32\drivers\bic.sys (Microsoft Corporation)

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABMFSM.SYS (Roxio)

DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLABOIOM.SYS (Roxio)

DRV - (DLACDBHM [boot | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)

DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLADResM.SYS (Roxio)

DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS (Roxio)

DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS (Roxio)

DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAPoolM.SYS (Roxio)

DRV - (DLARTL_M [system | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)

DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS (Roxio)

DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS (Roxio)

DRV - (DRVMCDB [boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)

DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (iaStor [boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SenFiltService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Senfilt.sys (Sensaura)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (SYMMPI [boot | Running]) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)

DRV - (tmactmon [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmcfw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\TM_CFW.sys (Trend Micro Inc.)

DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (tmevtmgr [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (TmFilter [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)

DRV - (TmPreFilter [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys (Trend Micro Inc.)

DRV - (tmtdi [system | Running]) -- C:\WINDOWS\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (vncmirror [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vncmirror.sys (RealVNC Ltd.)

DRV - (VSApiNt [Auto | Running]) -- C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys (Trend Micro Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\loni\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\System32\fivipute.dll ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/20 13:01:40 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\MB1\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Popup] C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe ( )

O4 - HKLM..\Run: [seloyefep] C:\WINDOWS\System32\fivipute.DLL ()

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [iSUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Backup Exec Desktop Agent.lnk = C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe (Symantec Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1212012338520 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.101.5 192.168.102.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = united-cs.dom

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (ruvisape.dll) - File not found

O20 - AppInit_DLLs: (c:\windows\system32\fivipute.dll) - C:\WINDOWS\System32\fivipute.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ppeclt: DllName - PPEClt.dll - C:\WINDOWS\System32\PPEClt.dll (ANIXIS)

O21 - SSODL: guwevabip - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - C:\WINDOWS\System32\fivipute.dll ()

O22 - SharedTaskScheduler: {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - kupuhivus - C:\WINDOWS\System32\fivipute.dll ()

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/loni/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/06 18:09:26 | 00,000,004 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/06/06 18:09:26 | 00,000,004 | ---- | M] () - C:\autoexec.kfx -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/27 09:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/27 09:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/27 09:31:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\loni\Application Data\Malwarebytes

[2009/10/27 09:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/27 09:52:16 | 00,000,000 | ---D | C] -- C:\Program Files\MB1

[2009/10/30 11:05:10 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\loni\Desktop\OTL.exe

[2009/10/30 09:53:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\loni\Desktop\HJTInstall.exe

[2009/10/27 16:40:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/10/27 09:52:17 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/27 09:52:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/27 09:23:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/10/16 03:06:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU

[2009/10/16 03:04:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU

[2009/10/06 07:28:24 | 00,059,920 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2009/10/06 07:28:24 | 00,050,704 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

========== Files - Modified Within 30 Days ==========

[2009/10/30 11:05:26 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\loni\Desktop\OTL.exe

[2009/10/30 09:54:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\loni\Desktop\HijackThis.lnk

[2009/10/30 09:53:58 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\loni\Desktop\HJTInstall.exe

[2009/10/30 09:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/10/30 08:56:48 | 00,000,334 | ---- | M] () -- C:\WINDOWS\tasks\Check DLO Updates.job

[2009/10/30 08:53:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/29 18:37:07 | 00,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\display1.ws

[2009/10/29 18:36:59 | 00,000,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\display2.ws

[2009/10/29 17:00:07 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\ogfvzdha.job

[2009/10/29 16:00:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/29 16:00:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/29 15:32:13 | 34,871,91040 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/29 15:31:01 | 00,004,100 | -H-- | M] () -- C:\WINDOWS\System32\dabafela

[2009/10/29 12:49:41 | 00,016,037 | ---- | M] () -- C:\WINDOWS\cfgall.ini

[2009/10/27 16:42:52 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/27 16:42:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/27 16:42:52 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/10/26 09:08:06 | 00,010,260 | ---- | M] () -- C:\WINDOWS\cfgrs_ex.ini

[2009/10/26 09:08:05 | 00,011,179 | ---- | M] () -- C:\WINDOWS\cfgrs.ini

[2009/10/25 07:56:37 | 00,005,970 | ---- | M] () -- C:\WINDOWS\rvi.ini

[2009/10/16 03:20:30 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/10/16 03:16:04 | 00,524,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/16 03:16:03 | 00,617,222 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/16 03:16:03 | 00,100,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/16 03:12:06 | 00,001,829 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========

[2009/10/30 09:54:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\loni\Desktop\HijackThis.lnk

[2009/10/28 02:59:10 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\ogfvzdha.job

[2009/10/27 09:27:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/09/09 18:31:11 | 00,010,260 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini

[2009/09/09 18:31:10 | 00,011,179 | ---- | C] () -- C:\WINDOWS\cfgrs.ini

[2009/07/29 14:59:57 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\fivipute.dll

[2009/07/28 02:59:09 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\hedafatu.dll

[2009/03/02 16:26:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\loni\Application Data\desktop.ini

[2009/03/02 16:26:32 | 00,068,848 | ---- | C] () -- C:\Documents and Settings\loni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/03/02 16:26:31 | 02,708,676 | -H-- | C] () -- C:\Documents and Settings\loni\Local Settings\Application Data\IconCache.db

[2009/02/20 14:39:03 | 00,002,758 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2009/02/04 23:57:54 | 00,016,037 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2008/06/06 18:11:21 | 00,001,750 | ---- | C] () -- C:\WINDOWS\KPMSW.INI

[2008/06/06 18:11:21 | 00,001,583 | ---- | C] () -- C:\WINDOWS\KPMADR.INI

[2008/06/06 18:11:21 | 00,001,558 | ---- | C] () -- C:\WINDOWS\KPM.INI

[2008/06/06 18:11:10 | 00,107,520 | ---- | C] () -- C:\WINDOWS\System32\BicLdr32.DLL

[2008/06/06 18:11:05 | 00,001,720 | ---- | C] () -- C:\WINDOWS\KOFAX200.INI

[2008/06/06 18:11:04 | 00,083,456 | ---- | C] () -- C:\WINDOWS\System32\KCL310.DLL

[2008/06/06 18:11:04 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\KDB310.DLL

[2008/06/06 17:44:04 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL

[2008/06/04 09:16:03 | 00,000,131 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/02 10:49:43 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll

[2008/06/02 10:49:43 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll

[2008/06/02 10:49:43 | 00,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll

[2008/06/02 10:49:43 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll

[2008/06/02 10:49:43 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll

[2008/06/02 10:49:43 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll

[2008/06/02 10:49:43 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll

[2008/06/02 10:49:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll

[2008/06/02 10:15:45 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\Img32vi.dll

[2008/06/02 10:15:45 | 00,070,144 | ---- | C] () -- C:\WINDOWS\System32\Img32awd.dll

[2008/05/19 12:33:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/05/19 12:14:49 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/05/19 11:40:19 | 00,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/07/05 18:13:10 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\AlertStrings.dll

[2007/06/25 13:46:22 | 00,159,744 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007/06/25 13:46:20 | 00,880,640 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2007/01/03 11:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/01/03 11:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/01/03 11:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 17:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2004/08/11 17:00:37 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini

[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002/01/02 13:13:42 | 00,005,970 | ---- | C] () -- C:\WINDOWS\rvi.ini

[2000/06/06 16:03:14 | 00,003,026 | ---- | C] () -- C:\WINDOWS\SigPlus.ini

[2000/04/12 20:28:12 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2000/04/12 20:24:10 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

========== LOP Check ==========

[2009/10/27 09:52:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/06/02 11:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDE

[2008/05/19 12:15:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell

[2009/10/28 13:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2009/10/27 09:31:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\loni\Application Data

[2009/03/10 15:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\loni\Application Data\CyberLink

[2009/03/02 16:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\loni\Application Data\Windows Desktop Search

[2009/10/30 09:25:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/10/30 08:56:48 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\Check DLO Updates.job

[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/29 17:00:07 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\ogfvzdha.job

[2009/10/29 16:00:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

************************************************

Here is the 2nd OTL File

************************************************

OTL Extras logfile created on: 10/30/2009 11:31:01 AM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\loni\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 5500 6500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.03 Gb Total Space | 259.23 Gb Free Space | 86.98% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 55.75 Gb Total Space | 25.40 Gb Free Space | 45.56% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

Computer Name: DISPATCH05

Current User Name: loni

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"20032:TCP" = 20032:TCP:*:Enabled:Trend Micro OfficeScan Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe" = C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe:*:Disabled:popup -- ( )

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\WINDOWS\system32\logon.scr" = C:\WINDOWS\system32\logon.scr:*:Enabled:logon -- (Microsoft Corporation)

"C:\Milsoft\DisSPatch\DisSPatch.exe" = C:\Milsoft\DisSPatch\DisSPatch.exe:*:Enabled:DisSPatch -- (Milsoft Utility Solutions, Inc.)

"C:\Program Files\Analog Devices\Core\smax4pnp.exe" = C:\Program Files\Analog Devices\Core\smax4pnp.exe:*:Enabled:smax4pnp -- (Analog Devices, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe" = C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\popup.exe:*:Disabled:popup -- ( )

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)

"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{0F40C786-32DD-4BD9-8E86-B57D015F6657}" = Password Policy Client 5.1

"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{26EBB7C9-688F-4C00-A7C6-03C1C08B98E9}" = ShowCase Suite 8.0

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{418C56ED-7884-4217-AC65-224489CB7BC8}" = Real Vision Software Imaging System

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{9081C1BD-7244-4C60-A945-745449B9858A}" = Unified Messaging for Microsoft Exchange

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation

"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}" = Symantec Backup Exec Desktop Agent

"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime

"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Standard

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Calls Manager Start Icons_is1" = Calls Manager Start Icons

"ClientAccessExpress" = IBM iSeries Access for Windows

"Davacord DigiVoice Client Software" = Davacord DigiVoice Client Software 4.1.0.0

"DisSPatch OMS Clients_is1" = DisSPatch OMS

"Formatta Filler 7.0" = Formatta Filler 7.0

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{09A02B7A-45A5-4E24-9AF3-14B8A86E18CA}" = Dell SAS RAID Storage Manager v2.16-00

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeScanNT" = Trend Micro OfficeScan Client

"Partner" = Partner (remove icons only)

"PROHYBRIDR" = 2007 Microsoft Office system

"RealVNC_is1" = VNC Enterprise Edition E4.5

"SearchAssist" = SearchAssist

"ST6UNST #1" = Emergency Outage

"ST6UNST #2" = Billing History Viewer

"ST6UNST #3" = Emergency Outage (C:\Program Files\Outage\)

"VNCMirror_is1" = VNC Mirror Driver 1.8.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/29/2009 3:57:54 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = SDisplay: clipboard: OpenClipboard(getText): The operation completed

successfully. (0)

Error - 10/29/2009 4:23:59 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400

Error - 10/29/2009 4:23:59 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400

Error - 10/29/2009 4:25:26 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400

Error - 10/29/2009 4:25:26 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = Clipboard: chain timed out (WM_DRAWCLIPBOARD): 1400

Error - 10/29/2009 4:30:40 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = ClipboardConnection: vncclipboard authentication failed

Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = TcpListenerManager: not listening on IPv6: unable to create listening

socket: An address incompatible with the requested protocol was used. (10047)

Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = TcpListenerManager: not listening on IPv6: unable to create listening

socket: An address incompatible with the requested protocol was used. (10047)

Error - 10/29/2009 5:00:17 PM | Computer Name = DISPATCH05 | Source = WinVNC4 | ID = 1

Description = TcpListenerManager: not listening on IPv6: unable to create listening

socket: An address incompatible with the requested protocol was used. (10047)

Error - 10/29/2009 5:00:55 PM | Computer Name = DISPATCH05 | Source = UserInit | ID = 1000

Description = Could not execute the following script \\united-cs.dom\NETLOGON\DST2007Update.cmd.

The system cannot find the file specified. .

[ System Events ]

Error - 10/26/2009 3:30:31 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/26/2009 5:46:57 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/26/2009 6:08:10 PM | Computer Name = DISPATCH05 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/27/2009 10:24:02 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service

service to connect.

Error - 10/27/2009 10:24:02 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000

Description = The Lavasoft Ad-Aware Service service failed to start due to the following

error: %%1053

Error - 10/27/2009 10:28:33 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service

service to connect.

Error - 10/27/2009 10:28:33 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000

Description = The OfficeScan NT Proxy Service service failed to start due to the

following error: %%1053

Error - 10/27/2009 10:29:05 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service

service to connect.

Error - 10/27/2009 10:29:05 AM | Computer Name = DISPATCH05 | Source = Service Control Manager | ID = 7000

Description = The OfficeScan NT Proxy Service service failed to start due to the

following error: %%1053

< End of report >


Sorry for the delay:

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    MOD - C:\WINDOWS\System32\fivipute.dll ()
    O4 - HKLM..\Run: [seloyefep] C:\WINDOWS\System32\fivipute.DLL ()
    O20 - AppInit_DLLs: (ruvisape.dll) - File not found
    O20 - AppInit_DLLs: (c:\windows\system32\fivipute.dll) - C:\WINDOWS\System32\fivipute.dll ()
    O21 - SSODL: guwevabip - {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - C:\WINDOWS\System32\fivipute.dll ()
    O22 - SharedTaskScheduler: {5058a7f6-86f8-45ee-9785-3d5f4866eb39} - kupuhivus - C:\WINDOWS\System32\fivipute.dll ()
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/loni/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

    :Files
    C:\WINDOWS\tasks\ogfvzdha.job
    C:\WINDOWS\System32\fivipute.dll
    C:\WINDOWS\System32\hedafatu.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
