Jump to content

Mendo

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry for the delay in getting back to you. The machine seems to be behaving OK. The only suspicious thing that I've noticed is a long pause, when it is starting up, that comes between the taskbar appearing and the icons appearing on the desktop. It's about 20-30 seconds and the hard drive light is indicating some activity. Other than that everything seems fine. I've disabled the Windows firewall and installed the free version of Online Armor firewall. I also am running Panda AV. I would like to buy the full version of MBAM. Is it necessary (or even a good idea) to run both Panda and MBAM? Thanks for all your help. It's really appreciated.
  2. There was a problem with Combo Fix. At one point Windows was restarted by CF. I was prompted for my password and entered it. As the desktop came up a dialog box appeared titled "C:\windows\system32\CF23953.exe" with the message "Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item". When I clicked on the OK button ComboFix appeared to stop. I ran a scan with Kaspersky and it found no problems. The computer seems to be working fine. The only thing I've noticed is a somewhat longer time when rebooting between the time I enter my password and the time that the icons appear on the desktop. The HJT log is below. Thanks again for all your help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:47, on 2009-04-05 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\csrss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Tall Emu\Online Armor\oasrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\iRacing\iRacingService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Tall Emu\Online Armor\oacat.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\WINDOWS\system32\wdfmgr.exe C:\windows\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\windows\System32\alg.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\windows\system32\wscntfy.exe C:\windows\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Tall Emu\Online Armor\oaui.exe C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Tall Emu\Online Armor\oahlp.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [combofix] C:\windows\system32\CF23953.exe /c C:\ComboFix\Combobatch.bat O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iRacing helper service (iRacingService) - iRacing.com Motorsport Simulations, LLC Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe -- End of file - 11248 bytes
  3. I have posted all the logs that you requested below. I was unable after 2 tries to run the Panda Active Scan. It got as far as the page saying "Downloading Active Scan" but it showed no evidence of having downloaded anything after 20 min. I have Panda AV installed, so I tried to run Panda Total Scan Pro. It came back twice with the error message "Windows cannot find 'http://www.pandasoftware.com/redirector/?prod=3352&app=TotalScanPro〈=eng&Data=61386166623939373934613662316332316330613561383561386583737353939633263 3161656163'.Make sure you typed the name correctly,and then try again. To search for a file, click the Start button, and then click Search." The file that you ask about in Step 06 (Scantool.exe) is an open-source application that allows a PC to communicate through a serial port with an automobile's on-board diagnostic system. See www.scantool.net. Thanks for your help! ComboFix 09-04-01.01 - Bob 2009-04-03 21:24:48.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -4:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bob\Desktop\CFscript.txt AV: Panda Antivirus 2008 *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_dvgtian -------\Service_xnbgg ((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 ))))))))))))))))))))))))))))))) . 2009-04-03 17:56 . 2009-04-03 17:56 <DIR> d-------- c:\windows\SYSTEM32\unknown 2009-04-02 21:42 . 2009-04-02 21:42 <DIR> d-------- c:\program files\Trend Micro 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\documents and settings\Bob\Application Data\Malwarebytes 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-28 12:16 . 2009-03-26 16:49 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-03-28 12:16 . 2009-03-26 16:49 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-03-27 16:56 . 2009-03-27 16:57 2 --a------ C:\1425880953 2009-03-24 18:10 . 2009-03-24 18:12 <DIR> d-------- c:\program files\DeductionPro 2008 2009-03-24 18:06 . 2009-03-24 18:10 <DIR> d-------- c:\program files\TaxCut08 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-04 01:31 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware 2009-04-04 01:31 --------- d-----w c:\documents and settings\All Users\Application Data\VMware 2009-04-04 01:13 --------- d-----w c:\program files\Sonique 2009-03-30 00:33 --------- d-----w c:\documents and settings\Bob\Application Data\InstallShield 2009-03-28 01:32 --------- d-----w c:\program files\SUPERAntiSpyware 2009-03-28 01:31 --------- d-----w c:\documents and settings\Bob\Application Data\SUPERAntiSpyware.com 2009-03-28 01:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-24 22:28 --------- d-----w c:\documents and settings\Bob\Application Data\VMware 2009-03-24 22:21 --------- d-----w c:\program files\ScanTool114 2009-03-24 22:12 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-24 22:12 --------- d-----w c:\documents and settings\Bob\Application Data\TaxCut 2009-03-24 22:07 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut 2009-03-11 02:53 --------- d-----w c:\documents and settings\Tori\Application Data\KompoZer 2009-02-28 21:21 --------- d-----w c:\program files\OBD II logger 2009-02-17 17:17 72,520 ----a-w c:\windows\system32\drivers\ftser2k.sys 2009-02-10 22:47 --------- d-----w c:\program files\iRacing 2009-02-07 02:11 --------- d-----w c:\program files\GetRight 2009-02-07 02:11 --------- d-----w c:\documents and settings\Bob\Application Data\GetRight 2008-06-30 23:27 53 ----a-w c:\documents and settings\All Users\FixPrinter.bat 2008-04-06 16:49 39,425,352 ----a-w c:\documents and settings\Bob\TaxCut Premium Federal.exe 2008-04-06 16:49 80 --sh--r c:\windows\SYSTEM32\C7AECE60D9.dll . ((((((((((((((((((((((((((((( SnapShot@2009-04-03_16.34.39.93 ))))))))))))))))))))))))))))))))))))))))) . + 2001-01-15 07:34:24 159,744 ----a-w c:\windows\SYSTEM32\unknown\unzip.exe + 1997-11-04 05:20:00 117,248 ----a-w c:\windows\SYSTEM32\unknown\zip.exe + 2009-04-04 01:31:15 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4a4.dat + 2009-04-04 01:31:27 16,384 ----atw c:\windows\temp\Perflib_Perfdata_534.dat + 2009-04-04 01:31:50 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6ac.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2005-05-05 44832] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "Google Update"="c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016] "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 172032] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-12-14 228088] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 55368] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE] "nwiz"="nwiz.exe" [2005-12-10 c:\windows\SYSTEM32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-29 57344] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2007-02-15 20:02 50736 c:\windows\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "VIDC.I420"= vdrcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944] R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-08-14 38968] R2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [2008-08-16 451160] R2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-08-14 178872] R2 vmci;VMware vmci;c:\windows\SYSTEM32\DRIVERS\vmci.sys [2008-10-12 54960] R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2008-10-12 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [2008-10-12 57344] S2 mrtRate;mrtRate; [x] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2008-10-12 29744] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] network REG_MULTI_SZ network [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c56f500-7d40-11dd-a315-0013201ad31d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cba5df2-6c71-11dc-a15b-0013201ad31d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-04-04 c:\windows\Tasks\cjyvehmm.job - c:\windows\system32\rqRhFVMe.dll [] 2009-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322283482-531136397-3634322543-1006.job - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 15:31] . . ------- Supplementary Scan ------- . LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll LSP: c:\program files\VMware\VMware Server\vsocklib.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\puhcsny0.default\ FF - prefs.js: browser.startup.homepage - hxxp://todoist.com FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\puhcsny0.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll FF - plugin: c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10. ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-03 21:31:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b6,f4,b7,1d,f2, 7a,61,f6,e2,63,26,f1,3f,c8,ff,68,c1,75,ec,1a,86,2c,b4,b8,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,48,31,e7,90,02, 92,da,0a,6a,9c,d6,61,af,45,84,18,57,c8,25,89,27,dc,ab,e1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,8b,b8,e8,5e,9c, 38,0d,5e,ff,7c,85,e0,43,d4,0e,fe,59,86,53,3b,ee,64,ed,c9,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e1,a0,b1,cd,22, b4,33,ed,86,8c,21,01,be,91,eb,e7,fc,5d,63,74,5c,a6,fa,51,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,42,3e,c5,64,35, 73,ad,bc,f5,1d,4d,73,a8,13,5c,05,29,30,c4,f2,db,df,1d,80,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,58,b8,56,1c,2f, 11,68,03,df,20,58,62,78,6b,cf,c8,a9,75,41,6e,5c,69,7d,57,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,28,41,b5,9a,0d, 40,1c,76,fb,a7,78,e6,12,2f,9a,ea,62,31,61,6b,e1,e6,77,13,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,cf,d4,08,dc,61, c6,70,9e,01,3a,48,fc,e8,04,4a,f1,8b,19,0e,05,f5,09,b9,e6,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,27,34,7d,05,e9, a5,5f,38,f6,0f,4e,58,98,5b,89,c9,98,b1,e7,5d,60,11,f4,bf,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,3d,54,55,ef,09, bb,f4,57,3d,ce,ea,26,2d,45,aa,78,6d,93,34,0e,ae,bc,fa,05,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,c0,30,a4,5c,a1, 2f,93,3d,2a,b7,cc,b5,b9,7f,41,e7,12,d1,69,01,79,07,46,2d,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,71,17,de,85,76, 3e,e1,42,6c,43,2d,1e,aa,22,2f,9c,39,e9,94,58,e8,90,a4,95,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(856) c:\windows\system32\VMGINA.DLL c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\avldr.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\windows\SYSTEM32\nvsvc32.exe c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe c:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\HP\hpcoretech\comp\hptskmgr.exe c:\windows\SYSTEM32\wdfmgr.exe c:\windows\SYSTEM32\vmnat.exe c:\program files\VMware\VMware Server\vmware-authd.exe c:\windows\SYSTEM32\vmnetdhcp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\SYSTEM32\wscntfy.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe c:\program files\Panda Security\Panda Antivirus 2008\WebProxy.exe . ************************************************************************** . Completion time: 2009-04-03 21:34:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-04 01:34:41 Pre-Run: 216,451,641,344 bytes free Post-Run: 217,026,121,728 bytes free 255 --- E O F --- 2009-01-15 04:46:38 JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Apr 03 21:50:13 2009 Found and removed: C:\Program Files\Java\j2re1.4.2_03 Found and removed: C:\Program Files\Java\jre1.5.0_05 Found and removed: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Program Files\Java\jre1.5.0_10 Found and removed: C:\Program Files\Java\jre1.6.0_01 Found and removed: C:\Program Files\Java\jre1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4 Found and removed: Software\JavaSoft\Java2D\1.5.0_05 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\JavaPlugin.150_05 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203 Found and removed: SOFTWARE\Classes\JavaPlugin.142_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10 Found and removed: Software\Classes\JavaPlugin.142_03 Found and removed: Software\Classes\JavaPlugin.160_01 Found and removed: Software\Classes\JavaPlugin.160_02 Found and removed: Software\Classes\JavaPlugin.160_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: Software\JavaSoft\Java2D\1.6.0_01 Found and removed: Software\JavaSoft\Java2D\1.6.0_02 Found and removed: Software\JavaSoft\Java2D\1.6.0_03 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip ------------------------------------ Finished reporting. Malwarebytes' Anti-Malware 1.35 Database version: 1940 Windows 5.1.2600 Service Pack 3 4/4/2009 06:08:56 PM mbam-log-2009-04-04 (18-08-56).txt Scan type: Quick Scan Objects scanned: 93548 Time elapsed: 3 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:09:30, on 4/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\iRacing\iRacingService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\windows\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\windows\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Sonique\sqstart.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\windows\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iRacing helper service (iRacingService) - iRacing.com Motorsport Simulations, LLC Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe -- End of file - 10873 bytes
  4. Here are the logs you requested. Thanks! ComboFix 09-04-01.01 - Bob 2009-04-03 16:28:47.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.530 [GMT -4:00] Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Bob\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe AV: Panda Antivirus 2008 *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Bob\err.log c:\documents and settings\Patti\err.log c:\documents and settings\Tori\err.log c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\system32\ayulotat.ini c:\windows\system32\erwtngxd.ini c:\windows\SYSTEM32\OoWaGfhk.ini c:\windows\SYSTEM32\OoWaGfhk.ini2 c:\windows\system32\spmuuqjy.ini c:\windows\system32\tmp.reg c:\windows\system32\uniq.tll c:\windows\system32\userini.exe c:\windows\system32\vuvvtusm.ini c:\windows\system32\windows.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NETWORK -------\Service_network ((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 ))))))))))))))))))))))))))))))) . 2009-04-02 21:42 . 2009-04-02 21:42 <DIR> d-------- c:\program files\Trend Micro 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\documents and settings\Bob\Application Data\Malwarebytes 2009-03-28 12:16 . 2009-03-28 12:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-28 12:16 . 2009-03-26 16:49 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys 2009-03-28 12:16 . 2009-03-26 16:49 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys 2009-03-27 16:56 . 2009-03-27 16:57 2 --a------ C:\1425880953 2009-03-24 18:10 . 2009-03-24 18:12 <DIR> d-------- c:\program files\DeductionPro 2008 2009-03-24 18:06 . 2009-03-24 18:10 <DIR> d-------- c:\program files\TaxCut08 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-03 20:32 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware 2009-04-03 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\VMware 2009-04-03 19:53 --------- d-----w c:\program files\Sonique 2009-03-30 00:33 --------- d-----w c:\documents and settings\Bob\Application Data\InstallShield 2009-03-28 01:32 --------- d-----w c:\program files\SUPERAntiSpyware 2009-03-28 01:31 --------- d-----w c:\documents and settings\Bob\Application Data\SUPERAntiSpyware.com 2009-03-28 01:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-03-24 22:28 --------- d-----w c:\documents and settings\Bob\Application Data\VMware 2009-03-24 22:21 --------- d-----w c:\program files\ScanTool114 2009-03-24 22:12 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-24 22:12 --------- d-----w c:\documents and settings\Bob\Application Data\TaxCut 2009-03-24 22:07 --------- d-----w c:\documents and settings\All Users\Application Data\TaxCut 2009-03-11 02:53 --------- d-----w c:\documents and settings\Tori\Application Data\KompoZer 2009-02-28 21:21 --------- d-----w c:\program files\OBD II logger 2009-02-17 17:17 72,520 ----a-w c:\windows\system32\drivers\ftser2k.sys 2009-02-10 22:47 --------- d-----w c:\program files\iRacing 2009-02-07 02:11 --------- d-----w c:\program files\GetRight 2009-02-07 02:11 --------- d-----w c:\documents and settings\Bob\Application Data\GetRight 2008-06-30 23:27 53 ----a-w c:\documents and settings\All Users\FixPrinter.bat 2008-04-06 16:49 39,425,352 ----a-w c:\documents and settings\Bob\TaxCut Premium Federal.exe 2008-04-06 16:49 80 --sh--r c:\windows\SYSTEM32\C7AECE60D9.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2005-05-05 44832] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "Google Update"="c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016] "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 172032] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624] "APVXDWIN"="c:\program files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 455984] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-12-14 228088] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588] Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-29 57344] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2007-02-15 20:02 50736 c:\windows\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSACM.CEGSM"= mobilev.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "VIDC.I420"= vdrcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2005-01-27 02:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] --a------ 2003-12-22 09:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2005-02-16 23:11 49152 c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] --a------ 2004-05-06 23:43 172032 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2005-09-20 09:32 77824 c:\windows\SYSTEM32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2005-09-20 09:36 114688 c:\windows\SYSTEM32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2005-09-20 09:35 94208 c:\windows\SYSTEM32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] --a------ 2003-09-03 21:12 221184 c:\program files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] --a------ 2005-03-15 08:58 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 19:58 282624 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray] --a------ 2006-12-14 01:08 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] --a------ 2007-05-02 19:00 55368 c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell] --a------ 2008-04-13 20:12 8461312 c:\windows\SYSTEM32\shell32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 15:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-09-06 15:07 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2004-01-07 02:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2005-12-10 04:06 1519616 c:\windows\SYSTEM32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RoxWatch9"=2 (0x2) "RoxMediaDB9"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Sonique\\Sonique.exe"= "c:\\Program Files\\LucasArts\\SWKotOR2\\launcher.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Newtonium\\RoboWorks 3.0\\RoboWorks.exe"= "c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"= "c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"= "c:\\Program Files\\Panda Security\\Panda Antivirus 2008\\ApVxdWin.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6346:UDP"= 6346:UDP:gnutella R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944] R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [2008-08-14 38968] R2 iRacingService;iRacing helper service;c:\program files\iRacing\iRacingService.exe [2008-08-16 451160] R2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [2008-08-14 178872] R2 vmci;VMware vmci;c:\windows\SYSTEM32\DRIVERS\vmci.sys [2008-10-12 54960] R2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2008-10-12 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [2008-10-12 57344] S0 dvgtian;dvgtian;c:\windows\system32\drivers\sxgn.sys --> c:\windows\system32\drivers\sxgn.sys [?] S0 xnbgg;xnbgg;c:\windows\system32\drivers\ivjlmpc.sys --> c:\windows\system32\drivers\ivjlmpc.sys [?] S2 mrtRate;mrtRate; [x] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] S3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2008-10-12 29744] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] network REG_MULTI_SZ network [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c56f500-7d40-11dd-a315-0013201ad31d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cba5df2-6c71-11dc-a15b-0013201ad31d}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2009-04-03 c:\windows\Tasks\cjyvehmm.job - c:\windows\system32\rqRhFVMe.dll [] 2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322283482-531136397-3634322543-1006.job - c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 15:31] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-ctmon.exe - c:\windows\system32\kn.ext Notify-efcBqoPJ - efcBqoPJ.dll MSConfigStartUp-SpywareBot - c:\program files\spywarebot\SpywareBot.exe . ------- Supplementary Scan ------- . LSP: c:\program files\Panda Security\Panda Antivirus 2008\pavlsp.dll LSP: c:\program files\VMware\VMware Server\vsocklib.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\puhcsny0.default\ FF - prefs.js: browser.startup.homepage - hxxp://todoist.com FF - plugin: c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\puhcsny0.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll FF - plugin: c:\documents and settings\Bob\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10. ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-03 16:32:25 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b6,f4,b7,1d,f2, 7a,61,f6,e2,63,26,f1,3f,c8,ff,68,c1,75,ec,1a,86,2c,b4,b8,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,48,31,e7,90,02, 92,da,0a,6a,9c,d6,61,af,45,84,18,57,c8,25,89,27,dc,ab,e1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,8b,b8,e8,5e,9c, 38,0d,5e,ff,7c,85,e0,43,d4,0e,fe,59,86,53,3b,ee,64,ed,c9,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,e1,a0,b1,cd,22, b4,33,ed,86,8c,21,01,be,91,eb,e7,fc,5d,63,74,5c,a6,fa,51,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,42,3e,c5,64,35, 73,ad,bc,f5,1d,4d,73,a8,13,5c,05,29,30,c4,f2,db,df,1d,80,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,58,b8,56,1c,2f, 11,68,03,df,20,58,62,78,6b,cf,c8,a9,75,41,6e,5c,69,7d,57,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,28,41,b5,9a,0d, 40,1c,76,fb,a7,78,e6,12,2f,9a,ea,62,31,61,6b,e1,e6,77,13,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,cf,d4,08,dc,61, c6,70,9e,01,3a,48,fc,e8,04,4a,f1,8b,19,0e,05,f5,09,b9,e6,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,27,34,7d,05,e9, a5,5f,38,f6,0f,4e,58,98,5b,89,c9,98,b1,e7,5d,60,11,f4,bf,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,3d,54,55,ef,09, bb,f4,57,3d,ce,ea,26,2d,45,aa,78,6d,93,34,0e,ae,bc,fa,05,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32] @DACL=(02 0000) @="c:\\windows\\system32\\rimakita.dll" "ThreadingModel"="Both" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,c0,30,a4,5c,a1, 2f,93,3d,2a,b7,cc,b5,b9,7f,41,e7,12,d1,69,01,79,07,46,2d,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,71,17,de,85,76, 3e,e1,42,6c,43,2d,1e,aa,22,2f,9c,39,e9,94,58,e8,90,a4,95,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] @DACL=(02 0000) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\VMGINA.DLL c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\avldr.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe c:\windows\SYSTEM32\nvsvc32.exe c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe c:\program files\Panda Security\Panda Antivirus 2008\PsImSvc.exe c:\windows\SYSTEM32\rundll32.exe c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\windows\SYSTEM32\wdfmgr.exe c:\windows\SYSTEM32\vmnat.exe c:\program files\VMware\VMware Server\vmware-authd.exe c:\windows\SYSTEM32\vmnetdhcp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\SYSTEM32\wscntfy.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe c:\program files\Panda Security\Panda Antivirus 2008\WebProxy.exe c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe . ************************************************************************** . Completion time: 2009-04-03 16:35:30 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-03 20:35:28 Pre-Run: 216,375,447,552 bytes free Post-Run: 216,487,649,280 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\windows [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 330 --- E O F --- 2009-01-15 04:46:38 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:41:42, on 4/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\iRacing\iRacingService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system32\RUNDLL32.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Sonique\sqstart.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\windows\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\wscntfy.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\windows\explorer.exe C:\windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iRacing helper service (iRacingService) - iRacing.com Motorsport Simulations, LLC Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe -- End of file - 9212 bytes DDS (Ver_09-03-16.01) - NTFSx86 Run by Bob at 16:45:20.00 on Fri 04/03/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.493 [GMT -4:00] AV: Panda Antivirus 2008 *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\windows\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\windows\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\iRacing\iRacingService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system32\RUNDLL32.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Sonique\sqstart.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\windows\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\wscntfy.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\windows\explorer.exe C:\Documents and Settings\Bob\Desktop\dds.scr ============== Pseudo HJT Report =============== uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [soniqueQuickStart] c:\program files\sonique\sqstart.exe -nostick uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [Google Update] "c:\documents and settings\bob\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Logitech Utility] Logi_MwX.Exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus 2008\APVXDWIN.EXE" /s mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll LSP: c:\program files\panda security\panda antivirus 2008\pavlsp.dll LSP: c:\program files\vmware\vmware server\vsocklib.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15030/CTSUEng.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: avldr - avldr.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\puhcsny0.default\ FF - prefs.js: browser.startup.homepage - hxxp://todoist.com FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\puhcsny0.default\extensions\vmwarevmrc@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll FF - plugin: c:\documents and settings\bob\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - HiddenExtension: XUL Cache: {2FF6D404-8CAE-4608-A07B-F3DFB54571EE} - c:\documents and settings\bob\local settings\application data\{2FF6D404-8CAE-4608-A07B-F3DFB54571EE} ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10 ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-8-14 38968] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 iRacingService;iRacing helper service;c:\program files\iracing\iRacingService.exe [2008-8-16 451160] R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus 2008\PsCtrlS.exe [2008-8-13 169264] R2 pavdrv;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-8-13 83896] R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-8-14 178872] R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-8-14 63024] R2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda antivirus 2008\PAVSRV51.EXE [2008-8-13 148272] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-12 54960] R2 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2008-10-12 322096] R2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2008-10-12 57344] S0 dvgtian;dvgtian;c:\windows\system32\drivers\sxgn.sys --> c:\windows\system32\drivers\sxgn.sys [?] S0 xnbgg;xnbgg;c:\windows\system32\drivers\ivjlmpc.sys --> c:\windows\system32\drivers\ivjlmpc.sys [?] S2 mrtRate;mrtRate; [x] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408] S3 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2008-10-12 29744] =============== Created Last 30 ================ 2009-04-03 16:25 <DIR> a-dshr-- C:\cmdcons 2009-04-03 16:24 161,792 a------- c:\windows\SWREG.exe 2009-04-03 16:24 98,816 a------- c:\windows\sed.exe 2009-04-02 21:42 <DIR> --d----- c:\program files\Trend Micro 2009-03-28 12:16 <DIR> --d----- c:\docume~1\bob\applic~1\Malwarebytes 2009-03-28 12:16 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-03-28 12:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-28 12:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-03-28 12:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-03-27 16:56 2 a------- C:\1425880953 2009-03-24 18:10 <DIR> --d----- c:\program files\DeductionPro 2008 2009-03-24 18:06 <DIR> --d----- c:\program files\TaxCut08 ==================== Find3M ==================== 2009-02-17 13:20 51,528 a------- c:\windows\system32\ftserui2.dll 2009-02-17 13:17 72,520 a------- c:\windows\system32\drivers\ftser2k.sys 2009-01-17 11:24 399,360 a------- c:\windows\system32\dllcache\rpcss.dll 2009-01-12 18:37 2,987 a------- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat 2009-01-12 18:37 513,400 a------- c:\windows\system32\SpoonUninstall.exe 2009-01-12 18:26 13,785 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2008-06-30 19:27 53 a------- c:\documents and settings\all users\FixPrinter.bat 2008-04-06 12:49 39,425,352 a------- c:\documents and settings\bob\TaxCut Premium Federal.exe 2008-04-06 12:49 80 ---shr-- c:\windows\system32\C7AECE60D9.dll ============= FINISH: 16:45:33.59 =============== Service Pack 3 4 3 2009 18:09:14.375 Loaded driver \windows\system32\ntoskrnl.exe Loaded driver \windows\system32\hal.dll Loaded driver \windows\system32\KDCOM.DLL Loaded driver \windows\system32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \windows\system32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \windows\system32\DRIVERS\PCIIDEX.SYS Loaded driver aliide.sys Loaded driver cmdide.sys Loaded driver toside.sys Loaded driver viaide.sys Loaded driver intelide.sys Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver cpqarray.sys Loaded driver \windows\system32\DRIVERS\SCSIPORT.SYS Loaded driver atapi.sys Loaded driver aha154x.sys Loaded driver sparrow.sys Loaded driver symc810.sys Loaded driver aic78xx.sys Loaded driver dac960nt.sys Loaded driver ql10wnt.sys Loaded driver amsint.sys Loaded driver asc.sys Loaded driver asc3550.sys Loaded driver mraid35x.sys Loaded driver i2omp.sys Loaded driver ini910u.sys Loaded driver ql1240.sys Loaded driver aic78u2.sys Loaded driver symc8xx.sys Loaded driver sym_hi.sys Loaded driver sym_u3.sys Loaded driver ABP480N5.SYS Loaded driver asc3350p.sys Loaded driver cd20xrnt.sys Loaded driver ultra.sys Loaded driver adpu160m.sys Loaded driver dpti2o.sys Loaded driver ql1080.sys Loaded driver ql1280.sys Loaded driver ql12160.sys Loaded driver perc2.sys Loaded driver perc2hib.sys Loaded driver hpn.sys Loaded driver cbidf2k.sys Loaded driver dac2w2k.sys Loaded driver disk.sys Loaded driver \windows\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver sisagp.sys Loaded driver viaagp.sys Loaded driver Mup.sys Loaded driver agp440.sys Loaded driver alim1541.sys Loaded driver amdagp.sys Loaded driver agpCPQ.sys Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\IntelC53.sys Loaded driver \SystemRoot\system32\DRIVERS\IntelC51.sys Loaded driver \SystemRoot\system32\DRIVERS\IntelC52.sys Loaded driver \SystemRoot\system32\DRIVERS\mohfilt.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys Loaded driver \SystemRoot\system32\DRIVERS\e100b325.sys Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\System32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\parport.sys Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS Loaded driver \SystemRoot\System32\Drivers\ASAPIW2K.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\Drivers\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\drivers\smwdm.sys Loaded driver \SystemRoot\system32\drivers\senfilt.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\system32\DRIVERS\MarvinBus.sys Loaded driver \SystemRoot\system32\drivers\WmBEnum.sys Loaded driver \SystemRoot\system32\drivers\WmXlCore.sys Loaded driver \SystemRoot\system32\DRIVERS\vmnetadapter.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys Loaded driver \SystemRoot\system32\DRIVERS\usbprint.sys Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\System32\DRIVERS\ShlDrv51.sys Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \??\C:\WINDOWS\system32\drivers\pclepci.sys Loaded driver \SystemRoot\system32\DRIVERS\LHidFlt2.Sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\system32\DRIVERS\LMouFlt2.Sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\pavdrv51.sys Loaded driver \SystemRoot\system32\DRIVERS\vmnetbridge.sys Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys Loaded driver \??\C:\windows\system32\drivers\hcmon.sys Loaded driver \??\C:\windows\system32\Drivers\vmci.sys Loaded driver \??\C:\windows\system32\Drivers\VMparport.sys Loaded driver \??\C:\windows\system32\Drivers\vmx86.sys Loaded driver \SystemRoot\system32\DRIVERS\dsunidrv.sys Did not load driver \SystemRoot\System32\Drivers\mrtRate.SYS Loaded driver \SystemRoot\system32\DRIVERS\srv.sys Loaded driver \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys Loaded driver \SystemRoot\system32\DRIVERS\secdrv.sys Loaded driver \??\C:\windows\system32\drivers\vmnetuserif.sys Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\System32\Drivers\HTTP.sys ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/04/03 18:19 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\windows\System32\Drivers\dump_atapi.sys Address: 0xF5183000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS Address: 0xF7B3F000 Size: 8192 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\windows\system32\drivers\rootrepeal.sys Address: 0xB8A67000 Size: 45056 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! SSDT ------------------- #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb9259a70 #: 258 Function Name: NtTerminateThread Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb9258e40 Attach.zip Attach.zip
  5. I've run MBAM several times in the past few days and have cleaned up a number of problems but my computer is still slow and my browser is occasionally redirected. I just ran a full scan with Panda AV 2008. It found a file that it identifies as Trj/Inj.DU and deleted it. I then ran MBAM Quick Scan and it found a bad registry key. I re-booted and did a second Quick Scan and it showed the same registry key still present. Here are my log files: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:43:00, on 4/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE C:\windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\windows\system32\spoolsv.exe C:\Program Files\iRacing\iRacingService.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\windows\system32\vmnat.exe C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\VMware\VMware Server\vmware-authd.exe C:\windows\Explorer.EXE C:\windows\system32\vmnetdhcp.exe C:\Program Files\VMware\VMware Server\vmware-hostd.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system32\RUNDLL32.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\Sonique\sqstart.exe C:\windows\system32\wscntfy.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [fayimafino] Rundll32.exe "C:\windows\system32\yelesoji.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [fayimafino] Rundll32.exe "C:\windows\system32\yelesoji.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctmon.exe] C:\WINDOWS\system32\kn.ext (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctmon.exe] C:\WINDOWS\system32\kn.ext (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware server\vsocklib.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O20 - AppInit_DLLs: C:\windows\system32\volamele.dll jbgoqr.dll c:\windows\system32\rimakita.dll C:\windows\system32\futajido.dll c:\windows\system32\rugawaba.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: efcBqoPJ - efcBqoPJ.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: iRacing helper service (iRacingService) - iRacing.com Motorsport Simulations, LLC Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Server\vmware-hostd.exe O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmVssWriter.exe -- End of file - 9620 bytes Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Thanks in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.